Several security issues were fixed in Gzip.
Software Description:
- gzip: GNU compression utilities
Details:
It was discovered that Gzip's gzexe utility handled temporary files in an
insecure manner. When the mktemp utility was not available, gzexe
constructed a temporary file path based on the process ID, which could be
predicted. A local attacker could possibly use this issue to overwrite
arbitrary files via a symlink attack. (CVE-2026-41991)
It was discovered that Gzip incorrectly handled certain compressed files.
An attacker could possibly use this issue to obtain sensitive information
or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992)
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS gzip 1.14-1~exp2ubuntu1.1 Ubuntu 24.04 LTS gzip 1.12-1ubuntu3.2 Ubuntu 22.04 LTS gzip 1.10-4ubuntu4.2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8512-1
CVE-2026-41991, CVE-2026-41992
Get the latest Linux and open source security news straight to your inbox.