Multiple security vulnerabilities in compression tool gzip
Numerous Linux distributors and the developers of FreeBSD have released new packages of the open-source (un)zip program gzip (GNUzip). The update fixes four vulnerabilities. Three of these are based on buffer overflows in the functions make_table in unlzh.c, build_tree in unpack.c and make_table in the LHA support. When a user unzips a specially crafted archive, malicious code can be injected onto the computer and executed in the user's context. The fourth vulnerability is in the function huft_build during LZH processing; however, it merely causes the application to crash.
No official patch is available at present. Users should install the packages for their distribution as quickly as possible.
- CVE-2006-4334 gzip multiple issues, entry in Bugzilla database by Red Hat
(ehe)