Linuxsecurity
Critical Gzip Vulnerabilities in Ubuntu Expose Systems to Local Attacks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Two critical vulnerabilities were discovered in Gzip's gzexe utility and file handling. CVE-2026-41991 allows local attackers to overwrite arbitrary files via a predictable temporary file path. CVE-2026-41992 can lead to denial of service or exposure of sensitive information due to improper handling of compressed files. These vulnerabilities affect multiple Ubuntu versions, including 22.04, 24.04, and 26.04 LTS. Users are advised to update their systems to mitigate these risks. The issues were published on June 29, 2026, and are now addressed in the latest updates. A standard system update will apply the necessary patches.
Key Points: • CVE-2026-41991 allows local attackers to exploit predictable file paths in Gzip. • CVE-2026-41992 can cause denial of service or expose sensitive data. • Affected Ubuntu versions include 22.04, 24.04, and 26.04 LTS; users should update immediately.