Debian Bug report logs - #1009167
xz-utils: CVE-2022-1271: xzgrep: arbitrary-file-write vulnerability
Package:
src:xz-utils;
Maintainer for src:xz-utils is Jonathan Nieder <jrnieder@gmail.com>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 8 Apr 2022 04:57:01 UTC
Severity: important
Tags: security ...
cleemy desu wayo reported that incorrect handling of filenames by xzgrep
in xz-utils, the XZ-format compression utilities, can result in
overwrite of arbitrary files or execution of arbitrary code if a file
with a specially crafted filename is processed.
For the oldstable distribution (buster), this problem has been fixed
in version 524-1+deb10u1 ...
cleemy desu wayo reported that incorrect handling of filenames by zgrep
in gzip, the GNU compression utilities, can result in overwrite of
arbitrary files or execution of arbitrary code if a file with a
specially crafted filename is processed.
For the oldstable distribution (buster), this problem has been fixed
in version 19-3+deb10u1.
For the sta ...
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines ...
Malicious filenames with two or more newlines can make zgrep and xzgrep write to arbitrary files or (with a GNU sed extension) lead to arbitrary code execution. The issue with the old code is that with multiple newlines, the N-command will read the second line of input, then the s-commands will be skipped because it's not the end of the file ye ...
Synopsis
Important: xz security update
Type/Severity
Security Advisory: Important
Topic
An update for xz is now available for Red Hat Enterprise Linux 84 Extended Update Support. Red Hat Product Security has rated this upd ...
Synopsis
Important: xz security update
Type/Severity
Security Advisory: Important
Topic
An update for xz is now available for Red Hat Enterprise Linux 82 Extended Update Support. Red Hat Product Security has rated this upd ...
Synopsis
Important: xz security update
Type/Severity
Security Advisory: Important
Topic
An update for xz is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security i ...
Synopsis
Important: xz security update
Type/Severity
Security Advisory: Important
Topic
An update for xz is now available for Red Hat Enterprise Linux 81 Update Services for SAP Solutions. Red Hat Product Security has rate ...
Synopsis
Important: gzip security update
Type/Severity
Security Advisory: Important
Topic
An update for gzip is now available for Red Hat Enterprise Linux 84 Extended Update Support. Red Hat Product Security has rated th ...
Synopsis
Important: RHACS 370 security update
Type/Severity
Security Advisory: Important
Topic
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis
Moderate: OpenShift Container Platform 4935 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4935 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Cont ...
Synopsis
Important: OpenShift Virtualization 487 Images bug fixes and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 487 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a secur ...
Synopsis
Important: xz security update
Type/Severity
Security Advisory: Important
Topic
An update for xz is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security i ...
Synopsis
Important: gzip security update
Type/Severity
Security Advisory: Important
Topic
An update for gzip is now available for Red Hat Enterprise Linux 81 Update Services for SAP Solutions. Red Hat Product Security has ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat OpenShift GitOps 15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis
Moderate: Service Binding Operator security update
Type/Severity
Security Advisory: Moderate
Topic
An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 47 +. Red Hat Product Security has rated this update as having a security ...
Synopsis
Important: gzip security update
Type/Severity
Security Advisory: Important
Topic
An update for gzip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a securi ...
Synopsis
Moderate: ACS 370 enhancement and security update
Type/Severity
Security Advisory: Moderate
Topic
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Mod ...
Synopsis
Moderate: Secondary Scheduler Operator for Red Hat OpenShift 101 security update
Type/Severity
Security Advisory: Moderate
Topic
Secondary Scheduler Operator for Red Hat OpenShift 101. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis
Important: xz security update
Type/Severity
Security Advisory: Important
Topic
An update for xz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security i ...
Synopsis
Important: OpenShift Virtualization 496 Images security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 496 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a securit ...
Synopsis
Important: RHV-H security update (redhat-virtualization-host) 4323
Type/Severity
Security Advisory: Important
Topic
An update for redhat-release-virtualization-host and redhat-virtualization-host is now availabl ...
Synopsis
Important: gzip security update
Type/Severity
Security Advisory: Important
Topic
An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a securi ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat OpenShift GitOps 14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis
Moderate: OpenShift Container Platform 4658 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4658 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Cont ...
Synopsis
Important: gzip security update
Type/Severity
Security Advisory: Important
Topic
An update for gzip is now available for Red Hat Enterprise Linux 82 Extended Update Support. Red Hat Product Security has rated this ...
Synopsis
Moderate: OpenShift Container Platform 4751 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4751 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platf ...
Synopsis
Moderate: OpenShift Container Platform 4841 bug fix and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4841 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Cont ...
Synopsis
Moderate: security update for rh-sso-7/sso75-openshift-rhel8 container image
Type/Severity
Security Advisory: Moderate
Topic
Security updated rh-sso-7/sso75-openshift-rhel8 container image is now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A ...
Synopsis
Moderate: OpenShift Container Platform 311705 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 311705 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Pl ...
Synopsis
Important: gzip security update
Type/Severity
Security Advisory: Important
Topic
An update for gzip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a securi ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat OpenShift GitOps 13 on OpenShift 46. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat OpenShift GitOps 13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis
Important: RHACS 369 security update
Type/Severity
Security Advisory: Important
Topic
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis
Moderate: OpenShift Container Platform 4658 security and extras update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4658 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Conta ...
Synopsis
Moderate: OpenShift Virtualization 4102 Images security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Virtualization release 4102 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a securit ...
Synopsis
Moderate: Logging Subsystem 543 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Moderate
Topic
Logging Subsystem 543 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis
Important: Red Hat OpenShift GitOps security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat OpenShift GitOps 15 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Moderate: Red Hat OpenShift Logging Security and Bug update Release 537
Type/Severity
Security Advisory: Moderate
Topic
Openshift Logging Bug Fix Release (537). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed seve ...
Synopsis
Moderate: Red Hat OpenShift Logging Security and Bug update Release 541
Type/Severity
Security Advisory: Moderate
Topic
Logging Subsystem 541 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed se ...
Synopsis
Important: RHACS 368 security update
Type/Severity
Security Advisory: Important
Topic
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis
Moderate: OpenShift API for Data Protection (OADP) 104 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
OpenShift API for Data Protection (OADP) 104 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis
Important: Network observability 110 security update
Type/Severity
Security Advisory: Important
Topic
Network observability 110 release for OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rati ...
Synopsis
Moderate: Migration Toolkit for Containers (MTC) 165 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
The Migration Toolkit for Containers (MTC) 165 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis
Moderate: Release of containers for OSP 162z director operator tech preview
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenStack Platform 162 (Train) director Operator containers are available for technology preview.
Description
Release osp-director-operator images. Security Fix(es): golang: kubernetes: YAML parsing v ...
Synopsis
Moderate: Cryostat 210: new Cryostat on RHEL 8 container images
Type/Severity
Security Advisory: Moderate
Topic
New Cryostat 210 on RHEL 8 container images are now available.
Description
New Cryostat 210 on RHEL 8 container images have been released, adding a variety of features and bug fixes and addressing the following secur ...
Synopsis
Moderate: Migration Toolkit for Containers (MTC) 171 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
The Migration Toolkit for Containers (MTC) 171 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis
Moderate: Openshift Logging Bug Fix and security update Release (5310)
Type/Severity
Security Advisory: Moderate
Topic
Openshift Logging Bug Fix Release (5310). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed seve ...
Synopsis
Important: Red Hat OpenShift Service Mesh 213 Containers security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Service Mesh 213. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis
Moderate: Openshift Logging Bug Fix and security update Release (5213)
Type/Severity
Security Advisory: Moderate
Topic
Openshift Logging Bug Fix Release (5213). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed seve ...
Synopsis
Important: Release of containers for OSP 162z director operator tech preview
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenStack Platform 162 (Train) director operator containers, with several Important security fixes, are available for technology preview.
Description
Release osp-director-operator images. Security F ...
Synopsis
Moderate: Openshift Logging Security and Bug update Release (5210)
Type/Severity
Security Advisory: Moderate
Topic
Openshift Logging Bug Fix Release (5210). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Synopsis
Moderate: OpenShift sandboxed containers 141 security update
Type/Severity
Security Advisory: Moderate
Topic
OpenShift sandboxed containers 141 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed seve ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 244 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 244 General Availability release images. This update provides security fixes, bug fixes, and updates container images. Red Hat Product Security has rated ...
Synopsis
Moderate: OpenShift API for Data Protection (OADP) 110 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
OpenShift API for Data Protection (OADP) 110 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis
Important: OpenShift Virtualization 4110 Images security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 4110 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a secur ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 2311 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 2311 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a sec ...
Synopsis
Important: OpenShift Container Platform 4110 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4110 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Co ...
Synopsis
Moderate: Migration Toolkit for Containers (MTC) 173 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
The Migration Toolkit for Containers (MTC) 173 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis
Moderate: OpenShift Container Platform 4110 extras and security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4110 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Conta ...
Synopsis
Moderate: OpenShift Container Platform 311784 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 311784 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Pl ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 2310 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 2310 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a secur ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 245 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 245 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security ...
Synopsis
Moderate: Migration Toolkit for Containers (MTC) 172 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
The Migration Toolkit for Containers (MTC) 172 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis
Moderate: Red Hat Advanced Cluster Management 251 security updates and bug fixes
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Advanced Cluster Management for Kubernetes 251 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis
Important: OpenShift Container Platform 41145 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 41145 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift ...
Synopsis
Important: Service Telemetry Framework 14 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Service Telemetry Framework 14 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
Synopsis
Important: Migration Toolkit for Containers (MTC) 174 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
The Migration Toolkit for Containers (MTC) 174 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis
Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9. Red Hat ...
PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS ...