Lucene search
UbuntuUSN-5378-2HistoryApr 13, 2022 - 12:00 a.m.
XZ Utils vulnerability
2022-04-1300:00:00
ubuntu.com
229
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.2%
Releases
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- xz-utils - XZ-format compression utilities
Details
Cleemy Desu Wayo discovered that XZ Utils incorrectly handled certain
filenames. If a user or automated system were tricked into performing
xzgrep operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 21.10 | noarch | xz-utils | < 5.2.5-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | liblzma-dev | < 5.2.5-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | liblzma-doc | < 5.2.5-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | liblzma5 | < 5.2.5-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | liblzma5-dbgsym | < 5.2.5-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | xz-utils-dbgsym | < 5.2.5-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | xzdec | < 5.2.5-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | xzdec-dbgsym | < 5.2.5-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | xz-utils | < 5.2.4-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | liblzma-dev | < 5.2.4-1ubuntu1.1 | UNKNOWN |
References
Related
nessus
nessus
RHEL 8 : gzip (RHSA-2022:1537)
2022-04-27 00:00:00
SUSE SLES12 Security Update : gzip (SUSE-SU-2022:1272-1)
2022-04-21 00:00:00
Amazon Linux 2022 : (ALAS2022-2022-187)
2022-11-04 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: xz-5.2.5-9.fc34
2022-05-02 07:30:59
[SECURITY] Fedora 35 Update: xz-5.2.5-9.fc35
2022-04-21 21:22:38
[SECURITY] Fedora 36 Update: xz-5.2.5-9.fc36
2022-05-02 19:43:52
suse
suse
Security update for gzip (important)
2022-05-10 00:00:00
Security update for xz (important)
2022-04-12 00:00:00
oraclelinux
oraclelinux
gzip security update
2022-05-11 00:00:00
gzip security update
2022-06-30 00:00:00
xz security update
2022-06-13 00:00:00
redhat
redhat
(RHSA-2022:5052) Important: xz security update
2022-06-15 10:01:06
(RHSA-2022:1665) Important: gzip security update
2022-05-02 07:49:49
(RHSA-2022:1592) Important: gzip security update
2022-04-26 13:56:10
archlinux
archlinux
[ASA-202204-7] gzip: arbitrary command execution
2022-04-07 00:00:00
[ASA-202204-8] xz: arbitrary command execution
2022-04-07 00:00:00
mageia
mageia
Updated gzip/xz packages fix security vulnerability
2022-04-23 20:22:42
cbl_mariner
cbl_mariner
CVE-2022-1271 affecting package gzip 1.11-1
2022-10-05 23:33:39
CVE-2022-1271 affecting package gzip 1.9-5
2022-09-17 05:56:35
centos
centos
gzip security update
2022-05-13 17:33:20
xz security update
2022-08-02 19:22:54
osv
osv
xz-utils - security update
2022-04-10 00:00:00
CVE-2022-1271
2022-08-31 16:15:09
gzip vulnerability
2022-04-13 16:03:48
cve
cve
CVE-2022-1271
2022-08-31 16:15:00
cloudfoundry
cloudfoundry
USN-5378-1: Gzip vulnerability | Cloud Foundry
2022-05-23 00:00:00
USN-5378-2: XZ Utils vulnerability | Cloud Foundry
2022-05-23 00:00:00
debiancve
debiancve
CVE-2022-1271
2022-08-31 16:15:00
zdi
zdi
slackware
slackware
[slackware-security] xz
2022-04-14 21:21:34
[slackware-security] gzip
2022-04-14 21:21:03
alpinelinux
alpinelinux
CVE-2022-1271
2022-08-31 16:15:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU gzip (CVE-2022-1271)
2023-02-01 15:46:50
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU Gzip (CVE-2022-1271)
2023-01-12 21:59:00
Security Bulletin: Multiple Vulnerabilities in base image packages
2022-10-07 20:52:32
debian
debian
[SECURITY] [DSA 5122-1] gzip security update
2022-04-18 19:31:16
[SECURITY] [DSA 5123-1] xz-utils security update
2022-04-18 19:36:12
[SECURITY] [DLA 2976-1] gzip security update
2022-04-10 13:01:05
veracode
veracode
Remote Code Execution
2022-04-10 10:33:43
freebsd
freebsd
zgrep -- arbitrary file write
2022-04-07 00:00:00
almalinux
almalinux
Important: xz security update
2022-06-08 00:00:00
Important: xz security update
2022-06-13 00:00:00
Important: gzip security update
2022-04-26 09:54:04
amazon
amazon
Important: gzip
2022-05-31 23:47:00
Important: gzip, xz
2022-04-25 22:56:00
Important: xz
2022-05-31 23:47:00
rocky
rocky
xz security update
2022-06-13 07:15:31
gzip security update
2022-05-17 22:32:54
gzip security update
2022-04-26 09:54:04
ubuntucve
ubuntucve
CVE-2022-1271
2022-04-07 00:00:00
ubuntu
ubuntu
Gzip vulnerability
2022-04-13 00:00:00
Gzip vulnerability
2022-04-13 00:00:00
XZ Utils vulnerability
2022-04-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package gzip version 1.12-alt1
2022-04-11 00:00:00
Security fix for the ALT Linux 9 package gzip version 1.10-alt1.p9.1
2023-04-10 00:00:00
redos
redos
ROS-20220516-02
2022-05-16 00:00:00
f5
f5
K000130546 : Gzip vulnerability CVE-2022-1271
2023-01-25 00:00:00
prion
prion
Input validation
2022-08-31 16:15:00
gentoo
gentoo
GNU Gzip, XZ Utils: Arbitrary file write
2022-09-07 00:00:00
cloudlinux
cloudlinux
Fixed CVE-2022-1271 in gzip
2022-05-20 00:06:18
redhatcve
redhatcve
CVE-2022-1271
2022-04-08 08:27:59
rosalinux
rosalinux
Advisory ROSA-SA-2023-2301
2023-12-05 10:33:39
photon
photon
Important Photon OS Security Update - PHSA-2022-0172
2022-04-15 00:00:00
Important Photon OS Security Update - PHSA-2022-0382
2022-04-14 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0382
2022-04-14 00:00:00
virtuozzo
virtuozzo
Virtuozzo Hybrid Infrastructure 5.0 Update 1.3 (5.0.1-57)
2022-05-25 00:00:00
Virtuozzo Hybrid Infrastructure 4.7 Update 1.4 (4.7.1-53)
2022-05-25 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.2%
Related for USN-5378-2