==========================================================================
Ubuntu Security Notice USN-8512-1
July 06, 2026

gzip vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Gzip.

Software Description:
- gzip: GNU compression utilities

Details:

It was discovered that Gzip's gzexe utility handled temporary files in an
insecure manner. When the mktemp utility was not available, gzexe
constructed a temporary file path based on the process ID, which could be
predicted. A local attacker could possibly use this issue to overwrite
arbitrary files via a symlink attack. (CVE-2026-41991)

It was discovered that Gzip incorrectly handled certain compressed files.
An attacker could possibly use this issue to obtain sensitive information
or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  gzip                            1.14-1~exp2ubuntu1.1

Ubuntu 24.04 LTS
  gzip                            1.12-1ubuntu3.2

Ubuntu 22.04 LTS
  gzip                            1.10-4ubuntu4.2

In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-8512-1
  CVE-2026-41991, CVE-2026-41992

Package Information:
  https://launchpad.net/ubuntu/+source/gzip/1.14-1~exp2ubuntu1.1
  https://launchpad.net/ubuntu/+source/gzip/1.12-1ubuntu3.2
  https://launchpad.net/ubuntu/+source/gzip/1.10-4ubuntu4.2

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to