Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:4991

Опубликовано: 13 июн. 2022
Источник: rocky
Оценка: Important

Описание

Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

Security Fix(es):

  • gzip: arbitrary-file-write vulnerability (CVE-2022-1271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
xzx86_644.el8_6xz-5.2.4-4.el8_6.x86_64.rpm
xz-develx86_644.el8_6xz-devel-5.2.4-4.el8_6.x86_64.rpm
xz-libsx86_644.el8_6xz-libs-5.2.4-4.el8_6.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-1271

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-1271

CVSS3: 8.8
ubuntu
почти 3 года назад

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

redhat логотип

CVE-2022-1271

CVSS3: 8.8
redhat
около 3 лет назад

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

nvd логотип

CVE-2022-1271

CVSS3: 8.8
nvd
почти 3 года назад

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

msrc логотип

CVE-2022-1271

CVSS3: 8.8
msrc
почти 3 года назад

Описание отсутствует

debian логотип

CVE-2022-1271

CVSS3: 8.8
debian
почти 3 года назад

An arbitrary file write vulnerability was found in GNU gzip's zgrep ut ...