A set of utilities for data compression gzip 1.12 has been released. The new version fixes a vulnerability in the zgrep utility that allows, when processing a specially formatted file name that includes two or more newlines, to overwrite arbitrary files on the system, as far as current permissions allow. The problem has been manifesting since version 1.3.10, released in 2007.
Other changes include stopping installation of the zless utility on systems without the less utility, as well as ensuring that the correct information about files larger than 4 GB is output when executing the 'gzip -l' command (information about the size of decompressed data is now determined not based on a fixed 32-bit fields from the header, but through unpacking with the actual calculation of the data size).
Source: opennet.ru