Lucene search
AlmaLinuxALSA-2022:4940HistoryJun 08, 2022 - 12:00 a.m.
Important: xz security update
2022-06-0800:00:00
errata.almalinux.org
10
xz utils
lzma
compression
security update
arbitrary-file-write
cve-2022-1271
unix
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.007
Percentile
80.6%
XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Security Fix(es):
- gzip: arbitrary-file-write vulnerability (CVE-2022-1271)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | i686 | xz-devel | <Â 5.2.5-8.el9_0 | xz-devel-5.2.5-8.el9_0.i686.rpm |
| almalinux | 9 | x86_64 | xz-lzma-compat | <Â 5.2.5-8.el9_0 | xz-lzma-compat-5.2.5-8.el9_0.x86_64.rpm |
| almalinux | 9 | x86_64 | xz-devel | <Â 5.2.5-8.el9_0 | xz-devel-5.2.5-8.el9_0.x86_64.rpm |
| almalinux | 9 | ppc64le | xz-lzma-compat | <Â 5.2.5-8.el9_0 | xz-lzma-compat-5.2.5-8.el9_0.ppc64le.rpm |
| almalinux | 9 | ppc64le | xz-devel | <Â 5.2.5-8.el9_0 | xz-devel-5.2.5-8.el9_0.ppc64le.rpm |
| almalinux | 9 | aarch64 | xz-devel | <Â 5.2.5-8.el9_0 | xz-devel-5.2.5-8.el9_0.aarch64.rpm |
| almalinux | 9 | aarch64 | xz-lzma-compat | <Â 5.2.5-8.el9_0 | xz-lzma-compat-5.2.5-8.el9_0.aarch64.rpm |
| almalinux | 9 | s390x | xz-devel | <Â 5.2.5-8.el9_0 | xz-devel-5.2.5-8.el9_0.s390x.rpm |
| almalinux | 9 | s390x | xz-lzma-compat | <Â 5.2.5-8.el9_0 | xz-lzma-compat-5.2.5-8.el9_0.s390x.rpm |
| almalinux | 9 | i686 | xz-libs | <Â 5.2.5-8.el9_0 | xz-libs-5.2.5-8.el9_0.i686.rpm |
Related
nessus
nessus
RHEL 9 : gzip (RHSA-2022:4582)
2022-09-08 00:00:00
EulerOS Virtualization 3.0.2.0 : gzip (EulerOS-SA-2023-1716)
2023-05-07 00:00:00
EulerOS Virtualization 3.0.6.6 : gzip (EulerOS-SA-2022-2505)
2022-10-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for gzip (EulerOS-SA-2022-2133)
2022-07-29 00:00:00
Ubuntu: Security Advisory (USN-5378-3)
2022-08-26 00:00:00
Huawei EulerOS: Security Advisory for xz (EulerOS-SA-2022-1985)
2022-07-08 00:00:00
oraclelinux
oraclelinux
xz security update
2022-06-15 00:00:00
xz security update
2022-06-30 00:00:00
xz security update
2022-06-13 00:00:00
redhat
redhat
(RHSA-2022:4992) Important: xz security update
2022-06-13 07:15:56
(RHSA-2022:2191) Important: gzip security update
2022-05-11 13:01:16
(RHSA-2022:4994) Important: xz security update
2022-06-13 07:16:53
osv
osv
Important: xz security update
2022-06-13 00:00:00
Important: xz security update
2022-06-08 00:00:00
xz-utils vulnerability
2022-04-13 14:47:08
rocky
rocky
xz security update
2022-06-08 08:20:11
gzip security update
2022-04-26 09:54:04
gzip security update
2022-05-17 22:32:54
cloudfoundry
cloudfoundry
USN-5378-2: XZ Utils vulnerability | Cloud Foundry
2022-05-23 00:00:00
USN-5378-1: Gzip vulnerability | Cloud Foundry
2022-05-23 00:00:00
centos
centos
xz security update
2022-08-02 19:22:54
redos
redos
ROS-20220516-02
2022-05-16 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: gzip-1.10-6.fc35
2022-04-20 19:13:37
[SECURITY] Fedora 36 Update: xz-5.2.5-9.fc36
2022-05-02 19:43:52
[SECURITY] Fedora 35 Update: xz-5.2.5-9.fc35
2022-04-21 21:22:38
suse
suse
Security update for xz (important)
2022-04-12 00:00:00
ubuntu
ubuntu
XZ Utils vulnerability
2022-04-13 00:00:00
Gzip vulnerability
2022-04-13 00:00:00
Gzip vulnerability
2022-04-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package gzip version 1.12-alt1
2022-04-11 00:00:00
Security fix for the ALT Linux 9 package gzip version 1.10-alt1.p9.1
2023-04-10 00:00:00
almalinux
almalinux
Important: gzip security update
2022-04-26 09:54:04
Important: xz security update
2022-06-13 00:00:00
amazon
amazon
Important: gzip
2022-05-31 23:47:00
Important: gzip, xz
2022-04-25 22:56:00
Important: xz
2022-05-31 23:47:00
slackware
slackware
[slackware-security] gzip
2022-04-14 21:21:03
[slackware-security] xz
2022-04-14 21:21:34
veracode
veracode
Remote Code Execution
2022-04-10 10:33:43
freebsd
freebsd
zgrep -- arbitrary file write
2022-04-07 00:00:00
ibm
ibm
ubuntucve
ubuntucve
CVE-2022-1271
2022-04-07 00:00:00
archlinux
archlinux
[ASA-202204-8] xz: arbitrary command execution
2022-04-07 00:00:00
zdi
zdi
debian
debian
[SECURITY] [DSA 5122-1] gzip security update
2022-04-18 19:31:16
[SECURITY] [DSA 5123-1] xz-utils security update
2022-04-18 19:36:12
[SECURITY] [DLA 2976-1] gzip security update
2022-04-10 13:01:05
cvelist
cvelist
CVE-2022-1271
2022-08-31 15:33:00
alpinelinux
alpinelinux
CVE-2022-1271
2022-08-31 16:15:09
debiancve
debiancve
CVE-2022-1271
2022-08-31 16:15:09
f5
f5
K000130546 : Gzip vulnerability CVE-2022-1271
2023-01-25 00:00:00
nvd
nvd
CVE-2022-1271
2022-08-31 16:15:09
cbl_mariner
cbl_mariner
CVE-2022-1271 affecting package gzip 1.9-5
2022-09-17 05:56:35
prion
prion
Input validation
2022-08-31 16:15:00
gentoo
gentoo
GNU Gzip, XZ Utils: Arbitrary file write
2022-09-07 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2301
2023-12-05 10:33:39
redhatcve
redhatcve
CVE-2022-1271
2022-04-08 08:27:59
cloudlinux
cloudlinux
Fixed CVE-2022-1271 in gzip
2022-05-20 00:06:18
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.007
Percentile
80.6%
Related for ALSA-2022:4940