gzip: arbitrary code execution

Package(s): gzip
CVE #(s): CVE-2009-2624
Created: January 20, 2010
Updated: March 8, 2010
Description:

From the Debian advisory:

Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version.

Alerts:
rPath rPSA-2010-0013-1 2010-03-07
Ubuntu USN-889-1 2010-01-20
Mandriva MDVSA-2010:020 2010-01-20
Debian DSA-1974-1 2010-01-20
Fedora FEDORA-2010-0884 2010-01-22
Fedora FEDORA-2010-0964 2010-01-22
