Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Gentoo: 200505-05 Advisory on Gzip Command Execution Vulnerabilities

gentoo
Calendar Grey May 9, 2005
Scroller Gentoo
Numerous security flaws in bzip2 may permit unauthorized command execution and modification of file permissions on Gentoo systems.
gzip contains multiple vulnerabilities potentially allowing an attacker to execute arbitrary commands.

Summary

Gentoo Linux Security Advisory GLSA 200505-05 https://security.gentoo.org/ Severity: Normal Title: gzip: Multiple vulnerabilities Date: May 09, 2005 Bugs: #89946, #90626 ID: 200505-05

Synopsis ======= gzip contains multiple vulnerabilities potentially allowing an attacker to execute arbitrary commands.
Background ========= gzip (GNU zip) is a popular compression program. The included zgrep utility allows you to grep gzipped files in place.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-arch/gzip < 1.3.5-r6 >= 1.3.5-r6
========== The gzip and gunzip programs are vulnerable to a race condition when setting file permissions (CAN-2005-0988), as well as im...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround