Synopsis: Moderate: gzip security update Issue date: 2010-01-20 CVE Names: CVE-2010-0001 CVE-2010-0001 gzip: (64 bit) Integer underflow by decompressing LZW format files An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. If a victim expanded a specially-crafted archive, it could cause gzip to crash or, potentially, execute arbitrary code with the privileges of the user running gzip. This flaw only affects 64-bit systems. (CVE-2010-0001) SL 3.0.x SRPMS: gzip-1.3.3-15.rhel3.src.rpm i386: gzip-1.3.3-15.rhel3.i386.rpm x86_64: gzip-1.3.3-15.rhel3.x86_64.rpm SL 4.x SRPMS: gzip-1.3.3-18.el4_8.1.src.rpm i386: gzip-1.3.3-18.el4_8.1.i386.rpm x86_64: gzip-1.3.3-18.el4_8.1.x86_64.rpm SL 5.x SRPMS: gzip-1.3.5-11.el5_4.1.src.rpm i386: gzip-1.3.5-11.el5_4.1.i386.rpm x86_64: gzip-1.3.5-11.el5_4.1.x86_64.rpm -Connie Sieh -Troy Dawson