oss-sec mailing list archives
Re: zgrep, xzgrep: arbitrary-file-write vulnerability
From: Levente Polyak <levente () leventepolyak net>
Date: Thu, 7 Apr 2022 23:29:03 +0200
On 4/7/22 20:44, Jim Meyering wrote:
All previous versions of gzip and xzutils are affected. xzutils released this patch today: https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch.sig gzip-1.12 was released today, with the fix: https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html https://ftp.gnu.org/gnu/gzip/gzip-1.12.tar.xz https://ftp.gnu.org/gnu/gzip/gzip-1.12.tar.xz.sig
CVE-2022-1271 has been assigned to this issue. Cheers, Levente
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
Current thread:
- zgrep, xzgrep: arbitrary-file-write vulnerability Jim Meyering (Apr 07)
- Re: zgrep, xzgrep: arbitrary-file-write vulnerability Jakub Wilk (Apr 08)
- Re: zgrep, xzgrep: arbitrary-file-write vulnerability Axel Beckert (Apr 08)
- Re: zgrep, xzgrep: arbitrary-file-write vulnerability Levente Polyak (Apr 08)
- Re: zgrep, xzgrep: arbitrary-file-write vulnerability Jakub Wilk (Apr 08)