xz-5.2.5-8.el9

エラータID: AXSA:2022-3977:03

Release date: 
Wednesday, November 2, 2022 - 07:02
Subject: 
xz-5.2.5-8.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

Security Fix(es):

* gzip: arbitrary-file-write vulnerability (CVE-2022-1271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Solution: 

Update packages.

CVEs: 
CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Additional Info: 

N/A

Download: 

SRPMS
  1. xz-5.2.5-8.el9.src.rpm
    MD5: 70e5e0e52b5ac9cabef3233636ea090d
    SHA-256: 98b74558a260efa24d06104384b6f24fed7edb178e7245175bf712e8580ee15a
    Size: 1.11 MB

Asianux Server 9 for x86_64
  1. xz-5.2.5-8.el9.x86_64.rpm
    MD5: 613451a38b0d6001c8d5dec4d6c37c41
    SHA-256: 88fa5e11e6903742eeff3503911440da02f99d4558097d7bb68cb212e2e8a1f2
    Size: 214.00 kB
  2. xz-devel-5.2.5-8.el9.x86_64.rpm
    MD5: c989089f8d3df94ddd1423fb71caa528
    SHA-256: 2f47dc0e5964837fccce5e6174de5d8da07a5328784d8fc47af5f80941a6f65f
    Size: 52.00 kB
  3. xz-libs-5.2.5-8.el9.x86_64.rpm
    MD5: 76b02a15b68921861fe5d262fd36338f
    SHA-256: 9cba85cc5be20d6f61901408bf8ec662d4e18b481e41568f34a05635dc686e2f
    Size: 91.77 kB
  4. xz-lzma-compat-5.2.5-8.el9.x86_64.rpm
    MD5: 159ad41e44dbe07dbaf5003e34f6b68c
    SHA-256: d00442ededc41f89acb8369290da6c96bcf2ce6ffa9f82001534698fd87c1754
    Size: 21.02 kB
  5. xz-devel-5.2.5-8.el9.i686.rpm
    MD5: 0bb79b4937036f6a5285d00b0fea1bb8
    SHA-256: 450ed793bfae01ebb50515082b5bb044f923ff27851fe3af16ae8b7a202f3596
    Size: 51.99 kB
  6. xz-libs-5.2.5-8.el9.i686.rpm
    MD5: 4ca6d0e38a962c081809fdd0cbca5177
    SHA-256: 9ce7b0e24043526642cb4184811980501f853131a6d1307c06adade05afae73d
    Size: 99.76 kB