Gentoo Linux Security Advisory GLSA 200609-13 – Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a pathological data stream may result in the modification of stack data such as frame pointer, return address or saved registers. A static buffer underflow was discovered in the pack decompression support, allowing a specially crafted pack archive to underflow a .bss buffer. A static buffer overflow was uncovered in the LZH decompression code, allowing a data stream consisting of pathological huffman codes to overflow a .bss buffer. Multiple infinite loops were also uncovered in the LZH decompression code. Versions less than 1.3.5-r9 are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/50300/glsa-200609-13.txt
Source: https://packetstormsecurity.com/files/50300/Gentoo-Linux-Security-Advisory-200609-13.html