Ubuntu Security Update USN-8512-1: Gzip vulnerabilities

LinuxBot

Member
Joined
Apr 25, 2017
Messages
6,719
Reaction score
94
Credits
-1,257
It was discovered that Gzip's gzexe utility handled temporary files in an insecure manner. When the mktemp utility was not available, gzexe constructed a temporary file path based on the process ID, which could be predicted. A local attacker could possibly use this issue to overwrite arbitrary files via a symlink attack. (CVE-2026-41991) It was discovered that Gzip incorrectly handled certain compressed files. An attacker could possibly use this issue to obtain sensitive information or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992)

Continue reading...
 


Follow Linux.org

Staff online

Members online


Latest posts

Top