[CLSA-2026:1783589413] gzip: Fix of CVE-2026-41992
Type:
security
Severity:
Important
Release date:
2026-07-09 10:05:44 UTC
Description:
- CVE-2026-41992: out-of-bounds read in the LZH decoder from stale shared decompression state (left/right) reused across a .Z then .lzh file in a single gzip -d invocation
CVEs fixed:
Updated packages:
  • gzip-1.5-11.el7_9.tuxcare.els1.x86_64.rpm
    sha:77b2238c9c5803d737fc9b388e2d57c6b48d1986be7e4b89768376df6748042e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.