cleemy desu wayo reported that incorrect handling of filenames by zgrep in gzip, the GNU compression utilities, can result in overwrite of arbitrary files or execution of arbitrary code if a file with a specially crafted filename is processed. For the oldstable distribution (buster), this problem has been fixed in version 1.9-3+deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 1.10-4+deb11u1. We recommend that you upgrade your gzip packages. For the detailed security status of gzip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gzip
cleemy desu wayo reported that incorrect handling of filenames by zgrep in gzip, the GNU compression utilities, can result in overwrite of arbitrary files or execution of arbitrary code if a file with a specially crafted filename is processed.
For the oldstable distribution (buster), this problem has been fixed in version 1.9-3+deb10u1.
For the stable distribution (bullseye), this problem has been fixed in version 1.10-4+deb11u1.
We recommend that you upgrade your gzip packages.
For the detailed security status of gzip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gzip