xz-5.2.5-8.el9
エラータID: AXSA:2022-3977:03
リリース日:
2022/11/02 Wednesday - 07:02
題名:
xz-5.2.5-8.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- gzip の zgrep には、ファイル名処理における検証が不十分な問題が
あるため、リモートの低権限な攻撃者により、 巧妙に細工されたファ
イル名を介して、任意のファイルへの書き込みを可能とする脆弱性が
存在します。(CVE-2022-1271)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
追加情報:
N/A
ダウンロード:
SRPMS
- xz-5.2.5-8.el9.src.rpm
MD5: 70e5e0e52b5ac9cabef3233636ea090d
SHA-256: 98b74558a260efa24d06104384b6f24fed7edb178e7245175bf712e8580ee15a
Size: 1.11 MB
Asianux Server 9 for x86_64
- xz-5.2.5-8.el9.x86_64.rpm
MD5: 613451a38b0d6001c8d5dec4d6c37c41
SHA-256: 88fa5e11e6903742eeff3503911440da02f99d4558097d7bb68cb212e2e8a1f2
Size: 214.00 kB - xz-devel-5.2.5-8.el9.x86_64.rpm
MD5: c989089f8d3df94ddd1423fb71caa528
SHA-256: 2f47dc0e5964837fccce5e6174de5d8da07a5328784d8fc47af5f80941a6f65f
Size: 52.00 kB - xz-libs-5.2.5-8.el9.x86_64.rpm
MD5: 76b02a15b68921861fe5d262fd36338f
SHA-256: 9cba85cc5be20d6f61901408bf8ec662d4e18b481e41568f34a05635dc686e2f
Size: 91.77 kB - xz-lzma-compat-5.2.5-8.el9.x86_64.rpm
MD5: 159ad41e44dbe07dbaf5003e34f6b68c
SHA-256: d00442ededc41f89acb8369290da6c96bcf2ce6ffa9f82001534698fd87c1754
Size: 21.02 kB - xz-devel-5.2.5-8.el9.i686.rpm
MD5: 0bb79b4937036f6a5285d00b0fea1bb8
SHA-256: 450ed793bfae01ebb50515082b5bb044f923ff27851fe3af16ae8b7a202f3596
Size: 51.99 kB - xz-libs-5.2.5-8.el9.i686.rpm
MD5: 4ca6d0e38a962c081809fdd0cbca5177
SHA-256: 9ce7b0e24043526642cb4184811980501f853131a6d1307c06adade05afae73d
Size: 99.76 kB