Included gzip 1.2.4 has several vulnerabilities
Bug #1358762 reported by Cs-gon
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
klibc | New | Undecided | Unassigned | |
klibc (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
The included gzip version is quite old (version 1.2.4) and has several security vulnerabilities.
Check http://
I explicitly checked for CVE-2001-1228, which was not fixed by a patch in the klibc package, so I assume the other vulnerabilities are not fixed either.
I think it would be a good idea to update the included gzip to a current version.
CVE References
information type: Private Security → Public Security
Changed in klibc (Ubuntu):
status: New → Confirmed
Will this security vulnerability get fixed at all? I realize that the impact is pretty small, because someone would have to explicitly use the gzip binary provided with klibc. But even the new klibc package in trusty/utopic/vivid still contains the old 1.2.4 version of gzip.