Resolved Bugs
1181045 – CVE-2015-1191 pigz: directory traversal vulnerability
1181047 – pigz: directory traversal vulnerability [epel-all]<br
Update to 2.3.3, fixes CVE-2015-1191:
– Return zero exit code when only warnings are issued
– Increase speed of unlzw (Unix compress decompression)
– Update zopfli to current google state
– Allow larger maximum blocksize (-b), now 512 MiB
– Do not require that -d precede -N, -n, -T options
– Strip any path from header name for -dN or -dNT
– Remove use of PATH_MAX (PATH_MAX is not reliable)
– Do not abort on inflate data error, do remaining files
– Check gzip header CRC if present
– Improve decompression error detection and reporting