Patch-ID# 120720-01 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: security gzip permissions Synopsis: SunOS 5.10_x86 : gzip patch Date: Sep/22/2005 Install Requirements: NA Solaris Release: 10_x86 SunOS Release: 5.10_x86 Unbundled Product: Unbundled Release: Xref: Patch available for SPARC as patch 120719 Topic: SunOS 5.10_x86 : gzip patch Relevant Architectures: i386 BugId's fixed with this patch: 6283819 6294656 Changes incorporated in this version: 6283819 6294656 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/gunzip /usr/bin/gzcat /usr/bin/gzcmp /usr/bin/gzdiff /usr/bin/gzegrep /usr/bin/gzexe /usr/bin/gzfgrep /usr/bin/gzforce /usr/bin/gzgrep /usr/bin/gzip /usr/bin/gzless /usr/bin/gzmore /usr/bin/gznew /usr/share/src/gzip/AUTHORS /usr/share/src/gzip/COPYING /usr/share/src/gzip/ChangeLog /usr/share/src/gzip/INSTALL /usr/share/src/gzip/Makefile.am /usr/share/src/gzip/Makefile.in /usr/share/src/gzip/NEWS /usr/share/src/gzip/README /usr/share/src/gzip/README-alpha /usr/share/src/gzip/README.sfw /usr/share/src/gzip/THANKS /usr/share/src/gzip/TODO /usr/share/src/gzip/aclocal.m4 /usr/share/src/gzip/algorithm.doc /usr/share/src/gzip/amiga/Makefile.gcc /usr/share/src/gzip/amiga/Makefile.sasc /usr/share/src/gzip/amiga/match.a /usr/share/src/gzip/amiga/tailor.c /usr/share/src/gzip/amiga/utime.h /usr/share/src/gzip/atari/Makefile.st /usr/share/src/gzip/bits.c /usr/share/src/gzip/config.h.in /usr/share/src/gzip/configure /usr/share/src/gzip/configure.in /usr/share/src/gzip/crypt.c /usr/share/src/gzip/crypt.h /usr/share/src/gzip/deflate.c /usr/share/src/gzip/depcomp /usr/share/src/gzip/getopt.c /usr/share/src/gzip/getopt.h /usr/share/src/gzip/getopt1.c /usr/share/src/gzip/gunzip.1 /usr/share/src/gzip/gzexe.1 /usr/share/src/gzip/gzexe.in /usr/share/src/gzip/gzip.1 /usr/share/src/gzip/gzip.c /usr/share/src/gzip/gzip.doc /usr/share/src/gzip/gzip.h /usr/share/src/gzip/gzip.info /usr/share/src/gzip/gzip.texi /usr/share/src/gzip/inflate.c /usr/share/src/gzip/install-sh /usr/share/src/gzip/lzw.c /usr/share/src/gzip/lzw.h /usr/share/src/gzip/m4/shell.m4 /usr/share/src/gzip/match.c /usr/share/src/gzip/missing /usr/share/src/gzip/mkinstalldirs /usr/share/src/gzip/msdos/Makefile.bor /usr/share/src/gzip/msdos/Makefile.djg /usr/share/src/gzip/msdos/Makefile.msc /usr/share/src/gzip/msdos/doturboc.bat /usr/share/src/gzip/msdos/gzip.prj /usr/share/src/gzip/msdos/match.asm /usr/share/src/gzip/msdos/tailor.c /usr/share/src/gzip/nt/Makefile.nt /usr/share/src/gzip/os2/Makefile.os2 /usr/share/src/gzip/os2/gzip.def /usr/share/src/gzip/os2/gzip16.def /usr/share/src/gzip/primos/build.cpl /usr/share/src/gzip/primos/ci.opts /usr/share/src/gzip/primos/include/errno.h /usr/share/src/gzip/primos/include/fcntl.h /usr/share/src/gzip/primos/include/stdlib.h /usr/share/src/gzip/primos/include/sysStat.h /usr/share/src/gzip/primos/include/sysTypes.h /usr/share/src/gzip/primos/primos.c /usr/share/src/gzip/primos/readme /usr/share/src/gzip/revision.h /usr/share/src/gzip/rpmatch.c /usr/share/src/gzip/sample/add.c /usr/share/src/gzip/sample/makecrc.c /usr/share/src/gzip/sample/sub.c /usr/share/src/gzip/sample/zfile /usr/share/src/gzip/sample/zread.c /usr/share/src/gzip/sample/ztouch /usr/share/src/gzip/tailor.h /usr/share/src/gzip/texinfo.tex /usr/share/src/gzip/trees.c /usr/share/src/gzip/unlzh.c /usr/share/src/gzip/unlzw.c /usr/share/src/gzip/unpack.c /usr/share/src/gzip/unzip.c /usr/share/src/gzip/util.c /usr/share/src/gzip/vms/Makefile.gcc /usr/share/src/gzip/vms/Makefile.mms /usr/share/src/gzip/vms/Makefile.vms /usr/share/src/gzip/vms/Readme.vms /usr/share/src/gzip/vms/gzip.hlp /usr/share/src/gzip/vms/makegzip.com /usr/share/src/gzip/vms/vms.c /usr/share/src/gzip/yesno.c /usr/share/src/gzip/zcat.1 /usr/share/src/gzip/zcmp.1 /usr/share/src/gzip/zdiff.1 /usr/share/src/gzip/zdiff.in /usr/share/src/gzip/zforce.1 /usr/share/src/gzip/zforce.in /usr/share/src/gzip/zgrep.1 /usr/share/src/gzip/zgrep.in /usr/share/src/gzip/zip.c /usr/share/src/gzip/zless.1 /usr/share/src/gzip/zless.in /usr/share/src/gzip/zmore.1 /usr/share/src/gzip/zmore.in /usr/share/src/gzip/znew.1 /usr/share/src/gzip/znew.in Problem Description: 6283819 gzip TOCTOU file-permissions vulnerability 6294656 gzip vulnerability <=1.3.5: a malicious archive may write unintended files when uncompressed with -N Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-10 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: If you encounter patchadd or patchrm problems (refer to Bugid 6224767), such as "wordlist too large" messages while installing this patch, you may need to install the following patch: 119255-02 (or greater) Install & Patch Utilities Patch README -- Last modified date: Thursday, September 22, 2005