Red Hat Bugzilla – Bug 220595
CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 multiple vulnerabilities in lha
Last modified: 2011-08-02 14:19:20 EDT
Description of problem:
Multiple vulnerabilities found in GNU gzip also apply to lha, namely:
CVE-2006-4335, CVE-2006-4337 and CVE-2006-4338.
Those are described in detail in
Version-Release number of selected component (if applicable):
RHEL 2.1, RHEL 3, RHEL 4 and FC 5
Reproducers available for gzip do not work.
As it's Christmas soon, my Christmas presence for you is the backported patch,
so you don't have to deal with change of coding style between the releases :)
Created attachment 144273 [details]
Backported patch for releases after RHEL 2.1
Created attachment 144274 [details]
Backported patch for RHEL 2.1 release
Reporter changed to email@example.com by request of Jay Turner.
This was addressed via:
Red Hat Enterprise Linux version 2.1 (RHSA-2006:0667)
Red Hat Enterprise Linux version 3 (RHSA-2006:0667)
Red Hat Enterprise Linux version 4 (RHSA-2006:0667)
Red Hat no longer plans to fix this issue in lha for Red Hat Enterprise Linux 4.