Re: [SECURITY] New versions of gzip available

To: security@debian.org, debian-user@lists.debian.org
Subject: Re: [SECURITY] New versions of gzip available
From: servis@purdue.edu
Date: Thu, 14 May 1998 05:56:58 -0500 (CDT)
Message-id: <[🔎] 355acd284c10002@herald.cc.purdue.edu>
Reply-to: servis@purdue.edu
In-reply-to: <19980514112625.A646@kuolema.Infodrom.North.DE>

On 14 May, Martin Schulze wrote:
> We were told by Michal Zalewski that gzexe as shipped with gzip uses
> an unsecure method decompressing executables on the fly opening a way
> of calling arbitrary programs.  Newer versions for bo and hamm are
> fixing this.  We recommend you upgrade your gzip package if you're
> using the gzexe method.
> 
> dpkg -i file.deb
>         will install the referenced file.
> 

{root@brian}{/tmp}[123]>dpkg -i gzip_1.2.4-26.1.deb 
(Reading database ... 26847 files and directories currently installed.)
Preparing to replace gzip 1.2.4-15 (using gzip_1.2.4-26.1.deb) ...
Unpacking replacement gzip ...
dpkg: dependency problems prevent configuration of gzip:
 gzip depends on debianutils (>= 1.6); however:
  Version of debianutils on system is 1.5.
dpkg: error processing gzip (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 gzip

I can't seem to find a debianutils_1.6* under any of the bo*
directories on the ftp sites.  

Thanks,
Brian Servis

--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: [SECURITY] New versions of gzip available
  - From: "Christian Hudon" <chrish@debian.org>
- Re: [SECURITY] New versions of gzip available
  - From: Ed Cogburn <ecogburn@greene.xtn.net>

Prev by Date: Re: Can't boot up from resc1440tecra.bin
Next by Date: Re: Debian named and blank files
Previous by thread: Re: NORMAL_ATTACK and HAVY_ATTACK messages
Next by thread: Re: [SECURITY] New versions of gzip available
Index(es):
- Date
- Thread