Mandrake Linux Security Advisory : gzip (MDKSA-2006:027)
Medium Nessus Plugin ID 20832
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionZgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
This was previously corrected in MDKSA-2005:092, however the fix was incomplete. These updated packages provide a more comprehensive fix to the problem.
SolutionUpdate the affected gzip package.