
Re: [SECURITY] New versions of gzip available



servis@purdue.edu wrote:
> 
> On 14 May, Martin Schulze wrote:
> > We were told by Michal Zalewski that gzexe as shipped with gzip uses
> > an unsecure method decompressing executables on the fly opening a way
> > of calling arbitrary programs.  Newer versions for bo and hamm are
> > fixing this.  We recommend you upgrade your gzip package if you're
> > using the gzexe method.
> >
> > dpkg -i file.deb
> >         will install the referenced file.
> >
> 
> {root@brian}{/tmp}[123]>dpkg -i gzip_1.2.4-26.1.deb
> (Reading database ... 26847 files and directories currently installed.)
> Preparing to replace gzip 1.2.4-15 (using gzip_1.2.4-26.1.deb) ...
> Unpacking replacement gzip ...
> dpkg: dependency problems prevent configuration of gzip:
>  gzip depends on debianutils (>= 1.6); however:
>   Version of debianutils on system is 1.5.
> dpkg: error processing gzip (--install):
>  dependency problems - leaving unconfigured
> Errors were encountered while processing:
>  gzip
> 
> I can't seem to find a debianutils_1.6* under any of the bo*
> directories on the ftp sites.
> 
> Thanks,
> Brian Servis
> 

    I have the same problem, folks.  debianutils in bo is 1.5.  The new
gzip wants 1.6, but the version in hamm is glibc version 1.9, so there
is no way out of this catch-22 for those of us still using bo ... I've
put gzip on "Hold" in dselect for now.

-- 
    Take it easy..
    Ed C.

