The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Search the VMware Knowledge Base (KB)
View by Article ID
VMware ESX 3.5, Patch ESX350-201006406-SG: Updates GNU Gzip package
Details
Release Date: June 24, 2010
Download Size:
94KB
Download Filename: ESX350-201006406-SG.zip
md5sum:
21845a6c5c123b250e6855d41e195add
Product Versions
ESX 3.5
Build
259926
Patch Classification
Security
Supersedes
N/A
Requires
ESX350-200911202-UG
Virtual Machine Migration or Reboot Required
No
Host Reboot Required
No
PRs Fixed
516882
Affected Hardware
N/A
Affected Software
N/A
RPMs Included
gzip
Related CVE Numbers
CVE-2010-0001
Solution
Summaries and Symptoms
The service console package for Gzip is updated to version gzip-1.3.3-15.rhel3. This update fixes an integer underflow error in the way Gzip expands archive files. The integer underflow error, which leads to an array index error, was found in the way Gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. Expanding the archive might cause Gzip to fail, or potentially, allow execution of arbitrary code with the privileges of the user running Gzip. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue.
Deployment Considerations
None beyond the required patch bundles and reboot information listed in the table, above.
