Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Red Hat Enterprise Linux 2.1: Critical Buffer Overflow in Ncompress Alert

red hat
Calendar Grey December 13, 2004
Dist Redhat Esm H88
Explore the revamped ncompress toolkit released by Red Hat, which tackles concerns related to buffer overflow vulnerabilities and file management mishaps.
An updated ncompress package that fixes a buffer overflow and problem in the handling of files larger than 2 GB is now available.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

126776 - [RHEL2.1] compress does not work if the file size is greater than 2GB 136661 - CAN-2001-1413 Stack-based buffer overflow in the comprexx function

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: 514bcc89bdd8d5a71fc5d01ce2f2ac61 ncompress-4.2.4-37.src.rpm

i386: b3cd3462d6a09d8d7d14c4e7b2744923 ncompress-4.2.4-37.i386.rpm

ia64: 36338acd3f00f119ed4b50fe2c67663d ncompress-4.2.4-37.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: 514bcc89bdd8d5a71fc5d01ce2f2ac61 ncompress-4.2.4-37.src.rpm

ia64: 36338acd3f00f119ed4b50fe2c67663d ncompress-4.2.4-37.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: 514bcc89bdd8d5a71fc5d01ce2f2ac61 ncompress-4.2.4-37.src.rpm

i386: b3cd3462d6a09d8d7d14c4e7b2744923 ncompress-4.2.4-37.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: 514bcc89bdd8d5a71fc5d01ce2f2ac61 ncompress-4.2.4-37.src.rpm

i386: b3cd3462d6a09d8d7d14c4e7b2744923 ncompress-4.2.4-37.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

Summary

References

http://www.kb.cert.org/vuls/id/176363 https://www.cve.org/CVERecord?id=CAN-2001-1413

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2004:536-01
Issue date: 2004-12-13
Updated on: 2004-12-13
Product: Red Hat Enterprise Linux

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here