Red Hat Bugzilla – Bug 220596
CVE-2006-4335/7/8 multiple vulnerabilities in lha
Last modified: 2007-11-30 17:11:52 EST
+++ This bug was initially created as a clone of Bug #220595 +++
Description of problem:
Multiple vulnerabilities found in GNU gzip also apply to lha, namely:
CVE-2006-4335, CVE-2006-4337 and CVE-2006-4338.
Those are described in detail in
Version-Release number of selected component (if applicable):
RHEL 2.1, RHEL 3, RHEL 4 and FC 5
Reproducers available for gzip do not work.
As it's Christmas soon, my Christmas presence for you is the backported patch,
so you don't have to deal with change of coding style between the releases :)
-- Additional comment from firstname.lastname@example.org on 2006-12-22 07:40 EST --
Created an attachment (id=144273)
Backported patch for releases after RHEL 2.1
The lha package is not in FC6 or newer... Changed version to FC5.