
Scientific Linux Security Advisory: gcc Directory Traversal Vulnerability

Moderate: gcc security and bug fix update
Date: Wed, 9 May 2007 15:12:51 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA for SL4 gcc i386/x86_64
Comments: To: scientific 

Synopsis: Moderate: gcc security and bug fix update
Issue date: 2007-05-01
CVE Names: CVE-2006-3619

Jorgen Weigert discovered a directory traversal flaw in fastjar. An
attacker could create a malicious JAR file which, if unpacked using
fastjar, could write to any files the victim had write access to.
(CVE-2006-3619)

SRPMS:
 gcc-3.4.6-8.src.rpm

i386:
 cpp-3.4.6-8.i386.rpm
 gcc-3.4.6-8.i386.rpm
 gcc-c++-3.4.6-8.i386.rpm
 gcc-g77-3.4.6-8.i386.rpm
 gcc-gnat-3.4.6-8.i386.rpm
 gcc-java-3.4.6-8.i386.rpm
 gcc-objc-3.4.6-8.i386.rpm
 libf2c-3.4.6-8.i386.rpm
 libgcc-3.4.6-8.i386.rpm
 libgcj-3.4.6-8.i386.rpm
 libgcj-devel-3.4.6-8.i386.rpm
 libgnat-3.4.6-8.i386.rpm
 libobjc-3.4.6-8.i386.rpm
 libstdc++-3.4.6-8.i386.rpm
 libstdc++-devel-3.4.6-8.i386.rpm

x86_64:
 cpp-3.4.6-8.x86_64.rpm
 gcc-3.4.6-8.x86_64.rpm
 gcc-c++-3.4.6-8.x86_64.rpm
 gcc-g77-3.4.6-8.x86_64.rpm
 gcc-gnat-3.4.6-8.x86_64.rpm
 gcc-java-3.4.6-8.x86_64.rpm
 gcc-objc-3.4.6-8.x86_64.rpm
 libf2c-3.4.6-8.i386.rpm
 libf2c-3.4.6-8.x86_64.rpm
 libgcc-3.4.6-8.i386.rpm
 libgcc-3.4.6-8.x86_64.rpm
 libgcj-3.4.6-8.i386.rpm
 libgcj-3.4.6-8.x86_64.rpm
 libgcj-devel-3.4.6-8.x86_64.rpm
 libgnat-3.4.6-8.i386.rpm
 libgnat-3.4.6-8.x86_64.rpm
 libobjc-3.4.6-8.i386.rpm
 libobjc-3.4.6-8.x86_64.rpm
 libstdc++-3.4.6-8.i386.rpm
 libstdc++-3.4.6-8.x86_64.rpm
 libstdc++-devel-3.4.6-8.i386.rpm
 libstdc++-devel-3.4.6-8.x86_64.rpm

-Connie Sieh
-Troy Dawson
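
The directory traversal described in the advisory comes from trusting the entry names stored inside the archive. As an added example (not part of the advisory or of fastjar's code), this Python check lists a JAR's entries before unpacking and flags any whose name would resolve outside the extraction directory; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_entries(jar_bytes):
    """Return entry names that would be written outside the extraction directory."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            # Treat backslashes as separators so Windows-style names are covered too.
            name = info.filename.replace("\\", "/")
            # Absolute and drive-letter paths ignore the target directory entirely.
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                flagged.append(info.filename)
                continue
            # Collapse "." and ".." lexically; a result that still starts with
            # ".." climbs above the extraction root.
            norm = posixpath.normpath(name)
            if norm == ".." or norm.startswith("../"):
                flagged.append(info.filename)
    return flagged


def build_sample_jar():
    """Constructed sample archive: three ordinary entries and three escaping ones."""
    names = [
        "META-INF/MANIFEST.MF",
        "com/example/A.class",
        "../outside.txt",           # climbs one level above the target
        "docs/../../outside2.txt",  # looks nested, still escapes after collapsing
        "a/../b.txt",               # contains "..", but stays inside the target
        "/abs.txt",                 # absolute path
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for n in names:
            jar.writestr(n, b"sample")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in unsafe_entries(build_sample_jar()):
        print("refuse to extract:", entry)
```

An archive with any flagged entry should be rejected whole rather than extracted with the offending entries skipped.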
