Home / mailings [USN-8512-1] Gzip vulnerabilities
Posted on 06 July 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8512-1
July 06, 2026
gzip vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Gzip.
Software Description:
- gzip: GNU compression utilities
Details:
It was discovered that Gzip's gzexe utility handled temporary files in an
insecure manner. When the mktemp utility was not available, gzexe
constructed a temporary file path based on the process ID, which could be
predicted. A local attacker could possibly use this issue to overwrite
arbitrary files via a symlink attack. (CVE-2026-41991)
It was discovered that Gzip incorrectly handled certain compressed files.
An attacker could possibly use this issue to obtain sensitive information
or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
gzip 1.14-1~exp2ubuntu1.1
Ubuntu 24.04 LTS
gzip 1.12-1ubuntu3.2
Ubuntu 22.04 LTS
gzip 1.10-4ubuntu4.2
In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-8512-1
CVE-2026-41991, CVE-2026-41992
Package Information:
https://launchpad.net/ubuntu/+source/gzip/1.14-1~exp2ubuntu1.1
https://launchpad.net/ubuntu/+source/gzip/1.12-1ubuntu3.2
https://launchpad.net/ubuntu/+source/gzip/1.10-4ubuntu4.2
--===============2720477429524207151==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
