Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Slackware: 2022-104-02 Critical: Gzip Arbitrary File Overwrite

slackware
Calendar Grey April 14, 2022
Dist Slackware Esm H88
Latest gzip updates addressing security vulnerabilities are now released for Slackware versions 14.x and 15.x, mitigating risks of file replacement errors.
New gzip packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gzip-1.12-i586-1_slack15.0.txz: Upgraded. This update fixes a security issue: zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-1271 (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical file overwrite patch Slackware gzip

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gzip-1.12-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gzip-1.12-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gzip-1.12-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gzip-1.12-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gzip-1.12-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp...

Read the Full Advisory

MD5 Signatures

Slackware 14.0 package: c86e70ea442a39ae8dee7a32f1230036 gzip-1.12-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: a0c9a1a894b407070934a0dc8389e834 gzip-1.12-x86_64-1_slack14.0.txz
Slackware 14.1 package: 7ab3e32b9b1dcceee1b7a1bf86ca7de2 gzip-1.12-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 1cdfd20648011d475ca80ba611e37262 gzip-1.12-x86_64-1_slack14.1.txz
Slackware 14.2 package: 1bf981ea0168886d730e4646c1594517 gzip-1.12-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 81ded44f47b7b3b187037a6965821679 gzip-1.12-x86_64-1_slack14.2.txz
Slackware 15.0 package: a31fb06e50897a8943dcf8f116322171 gzip-1.12-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 6f874a71090135b097bc5837ff826746 gzip-1.12-x86_64-1_slack15.0.txz
Slackware -current package: faa5371b6f9d755930b2cdc900772fa8 a/gzip-1.12-i586-1.txz
Slackware x86_64 -current package: bb16131dafc5501c1e21387a0fafad37 a/gzip-1.12-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical file overwrite patch Slackware gzip

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg gzip-1.12-i586-1_slack15.0.txz

Related News

Your message here