FreeBSD: 63BD4BAD-DFFE-11D9-B875-0001020EED82
Apr 20, 2005 - 12:00 a.m.

gzip -- directory traversal and permission race vulnerabilities

2005-04-20 00:00:00
vuxml.freebsd.org
CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.008 Low
Percentile: 81.5%

Problem Description

Two problems related to extraction of files exist in gzip:

The first problem is that gzip does not properly sanitize filenames containing “/” when uncompressing files using the -N command line option.

The second problem is that gzip does not set permissions on newly extracted files until after the file has been created and the file descriptor has been closed.

Impact

The first problem can allow an attacker to overwrite arbitrary local files when uncompressing a file using the -N command line option.

The second problem can allow a local attacker to change the permissions of arbitrary local files, on the same partition as the one the user is uncompressing a file on, by removing the file the user is uncompressing and replacing it with a hardlink before the uncompress operation is finished.

Workaround

Do not use the -N command line option on untrusted files and do not uncompress files in directories where untrusted users have write access.
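
The two defensive patterns that correspond to the problems described above, as an added example: this is not gzip's or FreeBSD's actual patch. The function names safe_name, open_output and finish_output and the sample file name are assumptions made for illustration. A stored name is reduced to its last path component, and the final mode is applied through the open descriptor before it is closed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reduce a name stored in the compressed file to its last path component.
 * Returns NULL if nothing usable remains ("", ".", ".." or a trailing "/"). */
const char *safe_name(const char *stored)
{
    const char *base = strrchr(stored, '/');
    base = base ? base + 1 : stored;
    if (*base == '\0' || strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return NULL;
    return base;
}

/* Create the output in the current directory, owner-only while data is
 * written. O_EXCL refuses any existing entry, including a symlink. */
int open_output(const char *stored)
{
    const char *name = safe_name(stored);
    if (name == NULL)
        return -1;
    return open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Apply the final mode through the still-open descriptor, then close.
 * fchmod() changes the file that was opened, not whatever the path names
 * now, so replacing the directory entry cannot redirect the mode change. */
int finish_output(int fd, mode_t mode)
{
    int rc = fchmod(fd, mode & 0777);
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

int main(void)
{
    /* Constructed sample name containing "/" as a hostile header might. */
    int fd = open_output("../../tmp/constructed-sample.txt");
    if (fd < 0) { perror("open_output"); return 1; }
    return finish_output(fd, 0644) == 0 ? 0 : 1;
}
```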

OS       Version  Architecture  Package  Version    Filename
FreeBSD  any      noarch        freebsd  = 5.4      UNKNOWN
FreeBSD  any      noarch        freebsd  < 5.4_2    UNKNOWN
FreeBSD  any      noarch        gzip     < 1.3.5_2  UNKNOWN