Debian Security Advisory

gzip -- gzexe allows running arbitrary programs

Date Reported:: 14 May 1998
Affected Packages:: gzip
Vulnerable:: Yes
Security database references:: No other external database security references currently available.
More information:: We were told by Michal Zalewski that gzexe as shipped with gzip uses an insecure method decompressing executables on the fly opening a way of calling arbitrary programs.
Fixed in:: Intel - (in release 1.3) 1.2.4-26.1 All - (in release 2.0) 1.2.4-27

This page is also available in the following languages:

Deutsch español français hrvatski 日本語 (Nihongo) Русский (Russkij) svenska

How to set the default document language

To report a problem with the web site, please e-mail our publicly archived mailing list debian-www@lists.debian.org in English. For other contact information, see the Debian contact page. Web site source code is available.

Last Modified: Mon, Oct 21 16:43:37 UTC 2019
Last Built: Thu, Nov 14 21:38:27 UTC 2019
Copyright © 1998-2019 SPI and others; See license terms
Debian is a registered trademark of Software in the Public Interest, Inc.