Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-200406-19 Moderate: tar Vulnerability in Archive Extraction

gentoo
Calendar Grey June 24, 2004
Dist Gentoo Esm H88
The Gentoo Security Advisory GLSA 200406-18 alerts users to a critical gzip vulnerability due to inadequate input validation that may allow command execution by attackers.
gzip contain a bug potentially allowing an attacker to execute arbitrary commands.

Summary

Gentoo Linux Security Advisory GLSA 200406-18 https://security.gentoo.org/ Severity: Normal Title: gzip: Insecure creation of temporary files Date: June 24, 2004 Bugs: #54890 ID: 200406-18

Synopsis ======= gzip contain a bug potentially allowing an attacker to execute arbitrary commands.
Background ========= gzip (GNU zip) is popular compression program. The included gzexe utility allows you to compress executables in place and have them automatically uncompress and execute when you run them.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-arch/gzip <= 1.3.3-r3 >= 1.3.3-r4
========== The script gzexe included with gzip contains a bug in the code t...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo privilege escalation command execution gzip normal severity

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo privilege escalation command execution gzip normal severity

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here