The following security announcement applies to gzip. If you have gzip installed on your system please see below for details on the vulnerability and instructions on patching your system:
It was discovered that gzip incorrectly handled certain malformed
compressed files. If a user or automated system were tricked into opening a
specially crafted gzip file, an attacker could cause gzip to crash or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-2624)Aki Helin discovered that gzip incorrectly handled certain malformed
files compressed with the Lempel–Ziv–Welch (LZW) algorithm. If a user or
automated system were tricked into opening a specially crafted gzip file,
an attacker could cause gzip to crash or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0001).
The above security vulnerabilities apply to the following Ubuntu releases:
- Ubuntu 6.06 LTS
- Ubuntu 8.04 LTS
- Ubuntu 8.10
- Ubuntu 9.04
- Ubuntu 9.10
If you are have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:
Apply Updates
To apply the updates run the following command(s) within your Terminal:
sudo aptitude update
sudo aptitude safe-upgrade
In general, a standard system upgrade is sufficient to effect the necessary changes.