Al Viro posted to vendor-sec on Apr22: zgrep contains the following gem: for i do [snip] if test $with_filename -eq 1; then sed_script="s|^[^:]*:|${i}:|" else sed_script="s|^|${i}:|" fi $grep $opt "$pat" | sed "$sed_script" [snip] done Aside of the correctness issues (try to use zgrep on files with e.g. '&' in names), it leads to obvious fun when zgrep arguments had been obtained by globbing in an untrusted place. Even with standard sed we have at least ;w<filename>; to deal with; for GNU sed there's also ;e; on top of that (execute the contents of pattern space). bzgrep is no better - it's based on zgrep. AFAICS, there are two solutions - one is to do what *BSD had done and make grep(1) use zlib and libbz; then zgrep et.al. become links to grep. Another is to quote \, |, ; and newlines, which means extra invocation of sed(1)... Treating as embargoed. Also affects bzip2 package; not creating extra bug at this time
*** This bug has been marked as a duplicate of 123012 ***
not a duplicate. 123012 refers to this bug as it applies to Fedora Core; this bug refers to Red Hat Enterprise Linux. The two will probably require different solutions.
Ping on this issue (now that there is a new maintainer)
The new version 1.3.3-10.rhel3 is in errata process now. Ivana Varekova
Ivana, Can you verify if this issue also affects RHEL2.1 and RHEL4? My notes say yes but the bug doesn't specify.
Yes I will verify it. Ivana
New RHEL2.1 and RHEL4 versions are in errata process now. Ivana Varekova
Testing successful with the following: gzip-1.3-16.rhel2 gzip-1.3.3-10.rhel3 gzip-1.3.3-14.rhel4
Lifting embargo
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-357.html