Hi friends!
I read from
http://www.gzip.org that a BUG is in gzip 1.2.4
gzip 1.2.4 may crash when an input file name is too long (over 1020 characters).
The buffer overflow may be exploited if gzip is run by a server such as
an ftp server. Some ftp servers allow compression and decompression on the fly and are
thus vulnerable.
This patch to gzip 1.2.4 fixes the problem. The beta version 1.3.2
already includes a sufficient patch; use this version if you have to handle files larger than 2 GB.
A new official version of gzip will be released soon.
Since 1.2.4 is the version we have in /usr/bin/gzip ,
will it be safe to replace it with the patched version ?
Thank you very much from Italy,
Emanuele
$$$ mail: AMB-GEM-CLIM ENEA Casaccia
$$$ I-00060 S.M. di Galeria (RM) ITALY
$$$ mailto:emanuele.lombardi_at_casaccia.enea.it
$$$ tel +39 06 30483366 fax +39 06 30484264
$$$
$$$ |||
$$$ \|/ ;_;
$$$ What does a process need | /"\
$$$ to become a daemon ? | \v/
$$$ | |
$$$ - a fork o---/!\---
$$$ | |_|
$$$ | _/ \_
$$$* Contrary to popular belief, UNIX is user friendly.
$$$ It's just very particular about who it makes friends with.
$$$* Computers are not intelligent, but they think they are.
$$$* True programmers never die, they just branch to an odd address
$$$* THIS TRANSMISSION WAS MADE POSSIBLE BY 100% RECYCLED ELECTRONS
Received on Tue Feb 05 2002 - 13:05:47 NZDT