Astra Linux - уязвимость в gzip, xz-utils

A arbitrary file writing vulnerability was discovered in the GNU gzip’s zgrep utility. When zgrep is applied to a file name chosen by the attacker e.g., a crafted file name, it can overwrite the content of the target file with an arbitrary file selected by the attacker. This flaw arises due to...

EUVD-2022-24604

Malicious code in bioql PyPI...

TencentOS Server 3: gzip (TSSA-2022:0030)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0030 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: xz (TSSA-2022:0139)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0139 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CentOS 9 : xz-5.2.5-8.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the xz-5.2.5-8.el9 build changelog. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a...

NewStart CGSL MAIN 5.04 : gzip Vulnerability (NS-SA-2023-0103)

The remote NewStart CGSL host, running version MAIN 5.04, has gzip packages installed that are affected by a vulnerability: - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, thi...

Rocky Linux 8 : xz (RLSA-2022:4991)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4991 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

Rocky Linux 9 : gzip (RLSA-2022:4582)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4582 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

Rocky Linux 9 : xz (RLSA-2022:4940)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4940 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

Rocky Linux 8 : gzip (RLSA-2022:1537)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1537 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

EulerOS Virtualization 3.0.2.0 : xz (EulerOS-SA-2023-1739)

According to the versions of the xz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name...

Important: xz

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

Important: gzip

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

Amazon Linux 2023 : xz, xz-devel, xz-libs (ALAS2023-2023-042)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-042 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU gzip (CVE-2022-1271)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU gzip due to an improper validation of file name by the zgrep utility. CVE-2022-1271 . The GNU gzip component is included as part of the Base OS image that is used by Watson Speech...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.2)

The version of AOS installed on the remote host is prior to 6.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.2 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection ...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU Gzip (CVE-2022-1271)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU Gzip caused by improper validation of file name by the zgrep utility CVE-2022-1271. GNU Gzip and the zgrep utility are used as part of the base image included in our service component...

Amazon Linux 2022 : gzip (ALAS2022-2022-188)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-188 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's...

Amazon Linux 2022 : xz, xz-devel, xz-libs (ALAS2022-2022-187)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-187 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's...

Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory...