USN-8512-1: Gzip vulnerabilities
It was discovered that Gzip's gzexe utility handled temporary files in an
insecure manner. When the mktemp utility was not available, gzexe
constructed a temporary file path based on the process ID, which could be
predicted. A local attacker could possibly use this issue to overwrite
arbitrary files via a symlink attack. (CVE-2026-41991)
It was discovered that Gzip incorrectly handled certain compressed files.
An attacker could possibly use this issue to obtain sensitive information
or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992)