|
|
Subscribe / Log in / New account

gzip: arbitrary code execution

Package(s):gzip CVE #(s):CVE-2009-2624
Created:January 20, 2010 Updated:March 8, 2010
Description:

From the Debian advisory:

Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version.

Alerts:
Gentoo 201412-08 insight, perl-tk, sourcenav, tk, partimage, bitdefender-console, mlmmj, acl, xinit, gzip, ncompress, liblzw, splashutils, m4, kdm, gtk+, kget, dvipng, beanstalkd, pmount, pam_krb5, gv, lftp, uzbl, slim, iputils, dvbstreamer 2014-12-11
rPath rPSA-2010-0013-1 gzip 2010-03-07
Ubuntu USN-889-1 gzip 2010-01-20
Mandriva MDVSA-2010:020 gzip 2010-01-20
Debian DSA-1974-1 gzip 2010-01-20
Fedora FEDORA-2010-0884 gzip 2010-01-22
Fedora FEDORA-2010-0964 gzip 2010-01-22
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds