Gentoo FoundationMGASA-2022-0149

HistoryApr 23, 2022 - 8:22 p.m.

Vulners
/
Mageia
/
Updated gzip/xz packages fix security vulnerability

Updated gzip/xz packages fix security vulnerability

2022-04-2320:22:42

Gentoo Foundation

advisories.mageia.org

update

gzip

xzgrep

security

vulnerability

unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

85.7%

JSON

zgrep, xzgrep: arbitrary-file-write vulnerability. (CVE-2022-1271)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchgzip< 1.10-4.1gzip-1.10-4.1.mga8
Mageia8noarchxz< 5.2.5-2.1xz-5.2.5-2.1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	gzip	< 1.10-4.1	gzip-1.10-4.1.mga8
Mageia	8	noarch	xz	< 5.2.5-2.1	xz-5.2.5-2.1.mga8

References

bugs.mageia.org/show_bug.cgi?id=30261

ubuntu.com/security/notices/USN-5378-1

ubuntu.com/security/notices/USN-5378-2

www.debian.org/lts/security/2022/dla-2976

www.debian.org/lts/security/2022/dla-2977

www.debian.org/security/2022/dsa-5122

www.debian.org/security/2022/dsa-5123

www.openwall.com/lists/oss-security/2022/04/08/3

redhat 9

fedora 5

prion 1

altlinux 2

cbl_mariner 2

rosalinux 1

openvas 43

nessus 74

amazon 3

oraclelinux 6

f5 1

osv 18

redhatcve 1

gentoo 1

nvd 1

cloudlinux 1

debian 4

ubuntu 3

freebsd 1

ubuntucve 1

almalinux 2

slackware 2

veracode 1

rocky 3

ibm 2

archlinux 2

zdi 1

alpinelinux 1

debiancve 1

cloudfoundry 1

cvelist 1

suse 1

cve 1

centos 1

redos 1

redhat

(RHSA-2022:1676) Important: gzip security update

2022-05-03 06:36:38

(RHSA-2022:4940) Important: xz security update

2022-06-08 08:20:11

(RHSA-2022:4582) Important: gzip security update

2022-05-17 22:32:54

fedora

[SECURITY] Fedora 34 Update: gzip-1.10-5.fc34

2022-04-30 18:40:27

[SECURITY] Fedora 36 Update: gzip-1.11-3.fc36

2022-04-28 22:25:50

[SECURITY] Fedora 36 Update: xz-5.2.5-9.fc36

2022-05-02 19:43:52

prion

Input validation

2022-08-31 16:15:00

altlinux

Security fix for the ALT Linux 9 package gzip version 1.10-alt1.p9.1

2023-04-10 00:00:00

Security fix for the ALT Linux 10 package gzip version 1.12-alt1

2022-04-11 00:00:00

cbl_mariner

CVE-2022-1271 affecting package gzip 1.9-5

2022-09-17 05:56:35

CVE-2022-1271 affecting package gzip for versions less than 1.12-1

2022-10-05 23:33:39

rosalinux

Advisory ROSA-SA-2023-2301

2023-12-05 10:33:39

openvas

Huawei EulerOS: Security Advisory for xz (EulerOS-SA-2022-2015)

2022-07-08 00:00:00

Huawei EulerOS: Security Advisory for gzip (EulerOS-SA-2022-1931)

2022-06-22 00:00:00

Fedora: Security Advisory for xz (FEDORA-2022-07cd35f6b8)

2022-05-03 00:00:00

nessus

Scientific Linux Security Update : gzip on SL7.x x86_64 (2022:2191)

2022-05-12 00:00:00

Rocky Linux 9 : gzip (RLSA-2022:4582)

2023-11-07 00:00:00

EulerOS Virtualization 3.0.6.0 : xz (EulerOS-SA-2022-2597)

2022-10-10 00:00:00

amazon

Important: xz

2022-05-31 23:47:00

Important: gzip, xz

2022-04-25 22:56:00

Important: gzip

2022-05-31 23:47:00

oraclelinux

gzip security update

2022-04-26 00:00:00

xz security update

2022-06-13 00:00:00

gzip security update

2022-06-30 00:00:00

K000130546 : Gzip vulnerability CVE-2022-1271

2023-01-25 00:00:00

osv

gzip - security update

2022-04-18 00:00:00

gzip vulnerability

2022-04-13 12:37:06

apache2-mod_apparmor-3.0.4-4.1 on GA media

2024-06-15 00:00:00

redhatcve

CVE-2022-1271

2022-04-08 08:27:59

gentoo

GNU Gzip, XZ Utils: Arbitrary file write

2022-09-07 00:00:00

nvd

CVE-2022-1271

2022-08-31 16:15:09

cloudlinux

Fixed CVE-2022-1271 in gzip

2022-05-20 00:06:18

debian

[SECURITY] [DLA 2977-1] xz-utils security update

2022-04-10 13:07:58

[SECURITY] [DSA 5122-1] gzip security update

2022-04-18 19:31:16

[SECURITY] [DSA 5123-1] xz-utils security update

2022-04-18 19:36:12

ubuntu

Gzip vulnerability

2022-04-13 00:00:00

Gzip vulnerability

2022-04-13 00:00:00

XZ Utils vulnerability

2022-04-13 00:00:00

freebsd

zgrep -- arbitrary file write

2022-04-07 00:00:00

ubuntucve

CVE-2022-1271

2022-04-07 00:00:00

almalinux

Important: xz security update

2022-06-08 00:00:00

Important: xz security update

2022-06-13 00:00:00

slackware

[slackware-security] gzip

2022-04-14 21:21:03

[slackware-security] xz

2022-04-14 21:21:34

veracode

Remote Code Execution

2022-04-10 10:33:43

rocky

xz security update

2022-06-13 07:15:31

gzip security update

2022-05-17 22:32:54

gzip security update

2022-04-26 09:54:04

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU Gzip (CVE-2022-1271)

2023-01-12 21:59:00

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU gzip (CVE-2022-1271)

2023-02-01 15:46:50

archlinux

[ASA-202204-8] xz: arbitrary command execution

2022-04-07 00:00:00

[ASA-202204-7] gzip: arbitrary command execution

2022-04-07 00:00:00

zdi

Tukaani XZ Utils xzgrep Argument Injection Remote Code Execution Vulnerability

2022-04-12 00:00:00

alpinelinux

CVE-2022-1271

2022-08-31 16:15:09

debiancve

CVE-2022-1271

2022-08-31 16:15:09

cloudfoundry

USN-5378-1: Gzip vulnerability | Cloud Foundry

2022-05-23 00:00:00

cvelist

CVE-2022-1271

2022-08-31 15:33:00

suse

Security update for gzip (important)

2022-05-10 00:00:00

cve

CVE-2022-1271

2022-08-31 16:15:09

centos

gzip security update

2022-05-13 17:33:20

redos

ROS-20220516-02

2022-05-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

85.7%

JSON

Related for MGASA-2022-0149