Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623114202211601HistoryApr 13, 2022 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2022:1160-1)
2022-04-1300:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
10
suse-su-2022:1160-1
xz package
cve-2022-1271
suse linux enterprise server
sles12.0sp2
sles12.0sp3
sles12.0sp4
sles12.0sp5
suse linux enterprise server for sap
suse linux enterprise software development kit
suse openstack cloud
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.2
Confidence
High
EPSS
0.012
Percentile
85.7%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2022.1160.1");
script_cve_id("CVE-2022-1271");
script_tag(name:"creation_date", value:"2022-04-13 06:20:10 +0000 (Wed, 13 Apr 2022)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"9.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-09-07 16:42:33 +0000 (Wed, 07 Sep 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2022:1160-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP2|SLES12\.0SP3|SLES12\.0SP4|SLES12\.0SP5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:1160-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20221160-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'xz' package(s) announced via the SUSE-SU-2022:1160-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for xz fixes the following issues:
CVE-2022-1271: Fixed an incorrect escaping of malicious filenames
(ZDI-CAN-16587). (bsc#1198062)");
script_tag(name:"affected", value:"'xz' package(s) on SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"liblzma5-32bit", rpm:"liblzma5-32bit~5.0.5~6.7.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5", rpm:"liblzma5~5.0.5~6.7.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5-debuginfo-32bit", rpm:"liblzma5-debuginfo-32bit~5.0.5~6.7.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5-debuginfo", rpm:"liblzma5-debuginfo~5.0.5~6.7.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz", rpm:"xz~5.0.5~6.7.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-debuginfo", rpm:"xz-debuginfo~5.0.5~6.7.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-debugsource", rpm:"xz-debugsource~5.0.5~6.7.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-lang", rpm:"xz-lang~5.0.5~6.7.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"liblzma5-32bit", rpm:"liblzma5-32bit~5.0.5~6.7.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5", rpm:"liblzma5~5.0.5~6.7.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5-debuginfo-32bit", rpm:"liblzma5-debuginfo-32bit~5.0.5~6.7.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5-debuginfo", rpm:"liblzma5-debuginfo~5.0.5~6.7.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz", rpm:"xz~5.0.5~6.7.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-debuginfo", rpm:"xz-debuginfo~5.0.5~6.7.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-debugsource", rpm:"xz-debugsource~5.0.5~6.7.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-lang", rpm:"xz-lang~5.0.5~6.7.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"liblzma5-32bit", rpm:"liblzma5-32bit~5.0.5~6.7.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5", rpm:"liblzma5~5.0.5~6.7.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5-debuginfo-32bit", rpm:"liblzma5-debuginfo-32bit~5.0.5~6.7.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5-debuginfo", rpm:"liblzma5-debuginfo~5.0.5~6.7.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz", rpm:"xz~5.0.5~6.7.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-debuginfo", rpm:"xz-debuginfo~5.0.5~6.7.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-debugsource", rpm:"xz-debugsource~5.0.5~6.7.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-lang", rpm:"xz-lang~5.0.5~6.7.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP5") {
if(!isnull(res = isrpmvuln(pkg:"liblzma5-32bit", rpm:"liblzma5-32bit~5.0.5~6.7.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5", rpm:"liblzma5~5.0.5~6.7.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5-debuginfo-32bit", rpm:"liblzma5-debuginfo-32bit~5.0.5~6.7.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"liblzma5-debuginfo", rpm:"liblzma5-debuginfo~5.0.5~6.7.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz", rpm:"xz~5.0.5~6.7.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-debuginfo", rpm:"xz-debuginfo~5.0.5~6.7.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-debugsource", rpm:"xz-debugsource~5.0.5~6.7.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xz-lang", rpm:"xz-lang~5.0.5~6.7.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
redhat
redhat
(RHSA-2022:1676) Important: gzip security update
2022-05-03 06:36:38
(RHSA-2022:4940) Important: xz security update
2022-06-08 08:20:11
(RHSA-2022:4582) Important: gzip security update
2022-05-17 22:32:54
fedora
fedora
[SECURITY] Fedora 34 Update: gzip-1.10-5.fc34
2022-04-30 18:40:27
[SECURITY] Fedora 36 Update: gzip-1.11-3.fc36
2022-04-28 22:25:50
[SECURITY] Fedora 36 Update: xz-5.2.5-9.fc36
2022-05-02 19:43:52
prion
prion
Input validation
2022-08-31 16:15:00
altlinux
altlinux
Security fix for the ALT Linux 9 package gzip version 1.10-alt1.p9.1
2023-04-10 00:00:00
Security fix for the ALT Linux 10 package gzip version 1.12-alt1
2022-04-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-1271 affecting package gzip 1.9-5
2022-09-17 05:56:35
CVE-2022-1271 affecting package gzip for versions less than 1.12-1
2022-10-05 23:33:39
rosalinux
rosalinux
Advisory ROSA-SA-2023-2301
2023-12-05 10:33:39
openvas
openvas
Huawei EulerOS: Security Advisory for xz (EulerOS-SA-2022-2015)
2022-07-08 00:00:00
Huawei EulerOS: Security Advisory for gzip (EulerOS-SA-2022-1931)
2022-06-22 00:00:00
Fedora: Security Advisory for xz (FEDORA-2022-07cd35f6b8)
2022-05-03 00:00:00
nessus
nessus
Scientific Linux Security Update : gzip on SL7.x x86_64 (2022:2191)
2022-05-12 00:00:00
Rocky Linux 9 : gzip (RLSA-2022:4582)
2023-11-07 00:00:00
EulerOS Virtualization 3.0.6.0 : xz (EulerOS-SA-2022-2597)
2022-10-10 00:00:00
amazon
amazon
Important: xz
2022-05-31 23:47:00
Important: gzip, xz
2022-04-25 22:56:00
Important: gzip
2022-05-31 23:47:00
oraclelinux
oraclelinux
gzip security update
2022-04-26 00:00:00
xz security update
2022-06-13 00:00:00
gzip security update
2022-06-30 00:00:00
f5
f5
K000130546 : Gzip vulnerability CVE-2022-1271
2023-01-25 00:00:00
osv
osv
gzip - security update
2022-04-18 00:00:00
gzip vulnerability
2022-04-13 12:37:06
apache2-mod_apparmor-3.0.4-4.1 on GA media
2024-06-15 00:00:00
redhatcve
redhatcve
CVE-2022-1271
2022-04-08 08:27:59
gentoo
gentoo
GNU Gzip, XZ Utils: Arbitrary file write
2022-09-07 00:00:00
nvd
nvd
CVE-2022-1271
2022-08-31 16:15:09
cloudlinux
cloudlinux
Fixed CVE-2022-1271 in gzip
2022-05-20 00:06:18
debian
debian
[SECURITY] [DLA 2977-1] xz-utils security update
2022-04-10 13:07:58
[SECURITY] [DSA 5123-1] xz-utils security update
2022-04-18 19:36:12
[SECURITY] [DSA 5122-1] gzip security update
2022-04-18 19:31:16
ubuntu
ubuntu
Gzip vulnerability
2022-04-13 00:00:00
Gzip vulnerability
2022-04-13 00:00:00
XZ Utils vulnerability
2022-04-13 00:00:00
freebsd
freebsd
zgrep -- arbitrary file write
2022-04-07 00:00:00
ubuntucve
ubuntucve
CVE-2022-1271
2022-04-07 00:00:00
almalinux
almalinux
Important: xz security update
2022-06-08 00:00:00
Important: xz security update
2022-06-13 00:00:00
slackware
slackware
[slackware-security] gzip
2022-04-14 21:21:03
[slackware-security] xz
2022-04-14 21:21:34
veracode
veracode
Remote Code Execution
2022-04-10 10:33:43
rocky
rocky
xz security update
2022-06-13 07:15:31
gzip security update
2022-05-17 22:32:54
gzip security update
2022-04-26 09:54:04
ibm
ibm
archlinux
archlinux
[ASA-202204-8] xz: arbitrary command execution
2022-04-07 00:00:00
[ASA-202204-7] gzip: arbitrary command execution
2022-04-07 00:00:00
zdi
zdi
alpinelinux
alpinelinux
CVE-2022-1271
2022-08-31 16:15:09
debiancve
debiancve
CVE-2022-1271
2022-08-31 16:15:09
cloudfoundry
cloudfoundry
USN-5378-1: Gzip vulnerability | Cloud Foundry
2022-05-23 00:00:00
cvelist
cvelist
CVE-2022-1271
2022-08-31 15:33:00
suse
suse
Security update for gzip (important)
2022-05-10 00:00:00
mageia
mageia
Updated gzip/xz packages fix security vulnerability
2022-04-23 20:22:42
cve
cve
CVE-2022-1271
2022-08-31 16:15:09
centos
centos
gzip security update
2022-05-13 17:33:20
redos
redos
ROS-20220516-02
2022-05-16 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.2
Confidence
High
EPSS
0.012
Percentile
85.7%
Related for OPENVAS:13614125623114202211601