gzip-1.10-9.el9

Errata ID: AXSA:2022-3914:03

Release date: 
Tuesday, November 1, 2022 - 06:22
Subject: 
gzip-1.10-9.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The gzip packages contain the gzip (GNU zip) data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.

Security Fix(es):

* gzip: arbitrary-file-write vulnerability (CVE-2022-1271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied to a file name chosen by the attacker (for example, a crafted file name), it can write attacker-supplied content to an arbitrary attacker-selected file. The flaw is caused by insufficient validation when processing file names containing two or more newlines, where the selected content and the target file names are embedded in crafted multi-line file names. It allows a remote, low-privileged attacker to force zgrep to write arbitrary files on the system.
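As an added example (not part of this advisory or of gzip), the following Python script lists file and directory names that contain two or more newline characters, the pattern the CVE description identifies, so that such entries can be reviewed in directories that receive untrusted files. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def find_multiline_names(root, min_newlines=2):
    """Return paths under root whose own name holds >= min_newlines newlines.

    Paths are handled as bytes so names that are not valid UTF-8 are still
    reported instead of raising an encoding error.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(os.fsencode(root)):
        for name in dirnames + filenames:
            if name.count(b"\n") >= min_newlines:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample data: empty files with harmless placeholder names."""
    for name in ("report.gz", "one\nnewline.gz", "a\nb\nc.gz"):
        open(os.path.join(base, name), "wb").close()
    os.mkdir(os.path.join(base, "dir\nwith\ntwo"))


def demo(min_newlines=2):
    """Scan the constructed tree and return hits relative to its root."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        base_b = os.fsencode(base)
        return [os.path.relpath(p, base_b)
                for p in find_multiline_names(base, min_newlines)]


if __name__ == "__main__":
    # repr() keeps the embedded newlines visible as \n in the report.
    for path in demo():
        print(repr(path))
```

Point `find_multiline_names` at an upload or spool directory to audit it; a hit is only a name worth reviewing, not proof of an attempted exploit.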

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. gzip-1.10-9.el9.src.rpm
    MD5: 2eba13746bcf606d7b3457464ccab2c7
    SHA-256: 8e061a016e0eb3b078b9e3e049b04c6d9a50c730d3bd0ae24d36562a359efd6c
    Size: 801.60 kB

Asianux Server 9 for x86_64
  1. gzip-1.10-9.el9.x86_64.rpm
    MD5: b431cb42dc9c6cd78e8a9d33953be313
    SHA-256: 3c3e0536eb2d1e005b8e13b93a02a20343b7595c69d1a598e9474e971b5523a9
    Size: 149.88 kB