Debian Security Advisory
gzip -- gzexe allows running arbitrary programs
- Date Reported:
- 14 May 1998
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
We were told by Michal Zalewski that gzexe as shipped with gzip uses an
insecure method decompressing executables on the fly opening a way of
calling arbitrary programs.
- Fixed in:
Intel - (in release 1.3) 1.2.4-26.1
All - (in release 2.0) 1.2.4-27