paul Posted January 20, 2010 Report Share Posted January 20, 2010 A vulnerability has been found and corrected in gzip: An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip (CVE-2010-0001). The updated packages have been patched to correct thies issue. Link to comment Share on other sites More sharing options...
Recommended Posts