Packages
- gzip - GNU compression utilities
Details
It was discovered that Gzip's gzexe utility handled temporary files in an
insecure manner. When the mktemp utility was not available, gzexe
constructed a temporary file path based on the process ID, which could be
predicted. A local attacker could possibly use this issue to overwrite
arbitrary files via a symlink attack. (CVE-2026-41991)
It was discovered that Gzip incorrectly handled certain compressed files.
An attacker could possibly use this issue to obtain sensitive information
or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992)
It was discovered that Gzip's gzexe utility handled temporary files in an
insecure manner. When the mktemp utility was not available, gzexe
constructed a temporary file path based on the process ID, which could be
predicted. A local attacker could possibly use this issue to overwrite
arbitrary files via a symlink attack. (CVE-2026-41991)
It was discovered that Gzip incorrectly handled certain compressed files.
An attacker could possibly use this issue to obtain sensitive information
or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 26.04 LTS resolute | gzip – 1.14-1~exp2ubuntu1.1 | ||
| 24.04 LTS noble | gzip – 1.12-1ubuntu3.2 | ||
| 22.04 LTS jammy | gzip – 1.10-4ubuntu4.2 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.