gzip-1.10-9.el9
Errata ID: AXSA:2022-3914:03
Release date:
2022/11/01 Tuesday - 06:22
Subject:
gzip-1.10-9.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following issue has been addressed.
[Security Fix]
- zgrep in gzip does not sufficiently validate file names when
processing them, so a remote, low-privileged attacker can write to
arbitrary files via a specially crafted file name. (CVE-2022-1271)
Solution:
Update the package.
CVE:
CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
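The CVE description above ties the flaw to file names containing two or more newlines. The following Python code is an added example, not part of the advisory or of gzip: it audits a directory tree for such names before its contents are handed to zgrep. The function names, the threshold constant and the sample file names are constructed for illustration.

```python
import os
import tempfile

# The advisory describes names with two or more newlines (constant name is ours).
NEWLINE_THRESHOLD = 2


def classify(path):
    """Return 'reject', 'warn' or 'ok' for one path that would be given to zgrep."""
    newlines = path.count("\n")
    if newlines >= NEWLINE_THRESHOLD:
        return "reject"
    # A single newline or any other control character is unusual enough to flag.
    if newlines or any(ord(c) < 0x20 or ord(c) == 0x7F for c in path):
        return "warn"
    return "ok"


def audit_tree(root):
    """Walk root and return {verdict: [escaped relative path, ...]}."""
    report = {"reject": [], "warn": [], "ok": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            # Escape the name so a hostile entry cannot forge lines in the report.
            escaped = rel.encode("unicode_escape").decode("ascii")
            report[classify(rel)].append(escaped)
    for paths in report.values():
        paths.sort()
    return report


def demo():
    """Build a throwaway tree with constructed, empty files and audit it."""
    names = ("access.log.gz", "one\nbreak.gz", "two\nline\nbreaks.gz", "tab\there.gz")
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            with open(os.path.join(root, name), "wb"):
                pass
        return audit_tree(root)


if __name__ == "__main__":
    for verdict, paths in demo().items():
        print(verdict, paths)
```

Such an audit is a stopgap for hosts still waiting on the update; the fix is the updated package.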
Additional information:
N/A
Download:
SRPMS
- gzip-1.10-9.el9.src.rpm
MD5: 2eba13746bcf606d7b3457464ccab2c7
SHA-256: 8e061a016e0eb3b078b9e3e049b04c6d9a50c730d3bd0ae24d36562a359efd6c
Size: 801.60 kB
Asianux Server 9 for x86_64
- gzip-1.10-9.el9.x86_64.rpm
MD5: b431cb42dc9c6cd78e8a9d33953be313
SHA-256: 3c3e0536eb2d1e005b8e13b93a02a20343b7595c69d1a598e9474e971b5523a9
Size: 149.88 kB