Mandrake Linux Security Advisory : gzip (MDKSA-2003:068)
Low Nessus Plugin ID 14051
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
A vulnerability exists in znew, a script included with gzip, that would create temporary files without taking precautions to avoid a symlink attack. Patches have been applied to make use of mktemp to generate unique filenames, and properly make use of noclobber in the script. Likewise, a fix for gzexe which had been applied previously was incomplete. It has been fixed to make full use of mktemp everywhere a temporary file is created.
The znew problem was initially reported by Michal Zalewski and was again reported more recently to Debian by Paul Szabo.
Solution
Update the affected gzip package.
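The two measures named in the description (mktemp for unique names, noclobber for redirects), shown next to the weak pattern they replace. This is an added shell example, not code from the gzip patches; the function names, file names and the scenario are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not the znew or gzexe source. All names are constructed.

# Weak pattern: a predictable name and a plain '>' redirect, which follows a
# symlink that someone else planted at that name beforehand.
write_predictable() {   # $1 = path, $2 = content
    printf '%s\n' "$2" > "$1"
}

# Fix 1: noclobber (set -C) makes '>' refuse a path that already exists as a
# regular file or as a symlink to one. Runs in a subshell so the option does
# not leak into the caller. Returns non-zero when the write was refused.
write_noclobber() {     # $1 = path, $2 = content
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Fix 2: mktemp picks an unpredictable name and creates the file itself,
# failing rather than reusing an existing path. Prints the new path.
safe_tmp() {
    mktemp "${TMPDIR:-/tmp}/gzip-demo.XXXXXX"
}

# Constructed scenario inside a private directory: "planted" is a symlink
# standing in for a guessed temp-file name, "victim" is the file it targets.
demo() {
    d=$(mktemp -d) || return 1
    printf 'original\n' > "$d/victim"
    ln -s "$d/victim" "$d/planted"

    if write_noclobber "$d/planted" "data"; then
        echo "noclobber: write went through (unexpected)"
    else
        echo "noclobber: refused, victim still holds: $(cat "$d/victim")"
    fi

    write_predictable "$d/planted" "data"
    echo "plain redirect: victim now holds: $(cat "$d/victim")"

    t=$(safe_tmp) && echo "mktemp created: $t"
    rm -rf "$d" "$t"
}

demo
```

noclobber only guards paths that resolve to a regular file, so mktemp remains the primary control wherever a script needs a new temporary file.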