Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu Gzip Critical Denial Of Service Local Attack USN-8512-1

ubuntu
Calendar Grey July 6, 2026
Dist Ubuntu Esm H88
Several critical security issues were resolved in Gzip affecting multiple Ubuntu releases. Update to maintain security.
Several security issues were fixed in Gzip.

Summary

Several security issues were fixed in Gzip.

Software Description:

- gzip: GNU compression utilities

Details:

It was discovered that Gzip's gzexe utility handled temporary files in an

insecure manner. When the mktemp utility was not available, gzexe

constructed a temporary file path based on the process ID, which could be

predicted. A local attacker could possibly use this issue to overwrite

arbitrary files via a symlink attack. (CVE-2026-41991)

It was discovered that Gzip incorrectly handled certain compressed files.

An attacker could possibly use this issue to obtain sensitive information

or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  gzip                            1.14-1~exp2ubuntu1.1

Ubuntu 24.04 LTS
  gzip                            1.12-1ubuntu3.2

Ubuntu 22.04 LTS
  gzip                            1.10-4ubuntu4.2

In general, a standard system update will make all the necessary
changes.

References

https://ubuntu.com/security/notices/USN-8512-1

CVE-2026-41991, CVE-2026-41992

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8512-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here