Re: [SECURITY] New versions of gzip available
On 14 May, Martin Schulze wrote:
> We were told by Michal Zalewski that gzexe as shipped with gzip uses
> an unsecure method decompressing executables on the fly opening a way
> of calling arbitrary programs. Newer versions for bo and hamm are
> fixing this. We recommend you upgrade your gzip package if you're
> using the gzexe method.
>
> dpkg -i file.deb
> will install the referenced file.
>
{root@brian}{/tmp}[123]>dpkg -i gzip_1.2.4-26.1.deb
(Reading database ... 26847 files and directories currently installed.)
Preparing to replace gzip 1.2.4-15 (using gzip_1.2.4-26.1.deb) ...
Unpacking replacement gzip ...
dpkg: dependency problems prevent configuration of gzip:
gzip depends on debianutils (>= 1.6); however:
Version of debianutils on system is 1.5.
dpkg: error processing gzip (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
gzip
I can't seem to find a debianutils_1.6* under any of the bo*
directories on the ftp sites.
Thanks,
Brian Servis
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: