========================================================================== Post-Release Fix for F-Secure Internet Gatekeeper 6.42 Hotfix 2 Copyright (c) 1993-2006 F-Secure Corporation. All Rights Reserved. ========================================================================== SUMMARY This post-release fix is for the following products/versions: o F-Secure Internet Gatekeeper 6.42 If you use earlier versions of the above mentioned products, please download and install the latest version. This post-release fix includes the following fixes: o CTS#44625 Specially crafted ZIP archives may be used to execute code on affected systems o CTS#44639 RAR and ZIP archives can be crafted to avoid successful scanning and obfuscate malicious code in the archive Recommendation: Applying this post-release fix is strongly recommended. TECHNICAL DETAILS It is possible to create specially crafted ZIP archives that cause a buffer overflow. This allows an attacker to execute code of his choice on affected systems. It is in addition possible to create malformed RAR- and ZIP-archives that can’t be scanned properly. This can lead to a false negative scan result. For more detailed information, please see http://www.f-Secure.com/security/fsc-2006-1.shtml OTHER INFORMATION This post-release fix includes the following files: File Name File Version MD5 Checksum ----------------------------------------------------------------------- fm4av.dll 1.6.34.91 84C4E2C1A621DD0DF19EECF00D818B4B FSLFPI.dll 2.3.11.0 8A2627D26D4011C5876A33DF5CFEADBC NOTE: Fixes for a particular component are cumulative and contain all of the previous fixes for that component. For additional information, please visit F-Secure Support Center at: http://support.f-secure.com/ HOW TO APPLY THE POSTFIX o Unpack all files from the package into a temporary folder on the local machine. o Open this folder in Windows Explorer and then double-click "fsigk642-02.fsfix". -- end of file --