Debian Security Advisory

gzip -- gzexe allows running arbitrary programs

Date Reported:
14 May 1998
Affected Packages:
Security database references:
No other external database security references currently available.
More information:
We were told by Michal Zalewski that gzexe as shipped with gzip uses an insecure method decompressing executables on the fly opening a way of calling arbitrary programs.
Fixed in:
Intel - (in release 1.3) 1.2.4-26.1 All - (in release 2.0) 1.2.4-27