Debian 11 DSA 752-1 Moderate: Gzip Local And Remote Threats Fix
debian
July 11, 2005
Two problems have been discovered in gzip, the GNU compression
utility.
Summary
Imran Ghory discovered a race condition in the permissions setting
code in gzip. When decompressing a file in a directory an
attacker has access to, gunzip could be tricked to set the file
permissions to a different file the user has permissions to.
CAN-2005-1228
Ulf Härnhammar discovered a path traversal vulnerability in
gunzip. When gunzip is used with the -N option an attacker could
this vulnerability to create files in an arbitrary directory with
the permissions of the user.
For the oldstable distribution (woody) these problems have been fixed in
version 1.3.2-3woody5.
For the stable distribution (sarge) these problems have been fixed in
version 1.3.5-10.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.5-10.
We recommend that you upgrade your gzip package.
Upgrade Instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
...
PREVIOUS
NEXT
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!