Bug 220595 - (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337) CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 multiple vulnerabilities in lha
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
URL: http://sourceforge.jp/projects/lha/do...
Whiteboard: public=20061202,reported=20061204,sou...
Keywords: Security
Reported: 2006-12-22 07:40 EST by Red Hat Product Security
Modified: 2011-08-02 14:19 EDT
Doc Type: Bug Fix
Last Closed: 2011-08-02 14:19:20 EDT

Attachments
Backported patch for releases after RHEL 2.1 (3.65 KB, patch)
2006-12-22 07:40 EST, Lubomir Kundrak
Backported patch for RHEL 2.1 release (3.65 KB, patch)
2006-12-22 07:42 EST, Lubomir Kundrak

Description Lubomir Kundrak 2006-12-22 07:40:17 EST
Description of problem:

Multiple vulnerabilities found in GNU gzip also apply to lha, namely:
CVE-2006-4335, CVE-2006-4337 and CVE-2006-4338.

Those are described in detail in
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676

Version-Release number of selected component (if applicable):
RHEL 2.1, RHEL 3, RHEL 4 and FC 5

How reproducible:

Reproducers available for gzip do not work.

Additional info:

As it's Christmas soon, my Christmas present for you is the backported patch,
so you don't have to deal with the change of coding style between the releases :)
Comment 1 Lubomir Kundrak 2006-12-22 07:40:17 EST
Created attachment 144273
Backported patch for releases after RHEL 2.1
Comment 2 Lubomir Kundrak 2006-12-22 07:42:53 EST
Created attachment 144274
Backported patch for RHEL 2.1 release
Comment 4 Red Hat Bugzilla 2009-10-23 15:03:31 EDT
Reporter changed to security-response-team@redhat.com by request of Jay Turner.
Comment 5 Vincent Danen 2010-12-22 11:39:58 EST
This was addressed via:

Red Hat Enterprise Linux version 2.1 (RHSA-2006:0667)
Red Hat Enterprise Linux version 3 (RHSA-2006:0667)
Red Hat Enterprise Linux version 4 (RHSA-2006:0667)
Comment 6 Josh Bressers 2011-08-02 14:19:20 EDT
Statement:

Red Hat no longer plans to fix this issue in lha for Red Hat Enterprise Linux 4.
