Explore top 10 tips to secure your open-source projects now. Read More
×Security update. Publication date: 13 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0245.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-41991, CVE-2026-41992 Description: The updated package fixes security vulnerabilities: Predictable Temporary File in GNU gzip. (CVE-2026-41991) Global Buffer Overflow in GNU gzip. (CVE-2026-41992) References: - https://bugs.mageia.org/show_bug.cgi?id=35849 - https://ubuntu.com/security/notices/USN-8512-1 - https://www.cve.org/CVERecord?id=CVE-2026-41991 - https://www.cve.org/CVERecord?id=CVE-2026-41992 SRPMS: - 10/core/gzip-1.14-2.1.mga10 - 9/core/gzip-1.12-1.1.mga9 . Updated gzip package in Mageia addresses critical buffer overflow and predictable file issues for enhanced security.. Mageia Gzip Buffer Overflow Predictable File Security Advisory. . Severity: Critical. LinuxSecurity.com Team
Several security issues were fixed in Gzip.. ========================================================================== Ubuntu Security Notice USN-8512-1 July 06, 2026 gzip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Gzip. Software Description: - gzip: GNU compression utilities Details: It was discovered that Gzip's gzexe utility handled temporary files in an insecure manner. When the mktemp utility was not available, gzexe constructed a temporary file path based on the process ID, which could be predicted. A local attacker could possibly use this issue to overwrite arbitrary files via a symlink attack. (CVE-2026-41991) It was discovered that Gzip incorrectly handled certain compressed files. An attacker could possibly use this issue to obtain sensitive information or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS gzip 1.14-1~exp2ubuntu1.1 Ubuntu 24.04 LTS gzip 1.12-1ubuntu3.2 Ubuntu 22.04 LTS gzip 1.10-4ubuntu4.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8512-1 CVE-2026-41991, CVE-2026-41992 Package Information: https://launchpad.net/ubuntu/+source/gzip/1.14-1~exp2ubuntu1.1 https://launchpad.net/ubuntu/+source/gzip/1.12-1ubuntu3.2 https://launchpad.net/ubuntu/+source/gzip/1.10-4ubuntu4.2 . Several critical security issues were resolved in Gzip affecting multiple Ubuntu releases. Update to maintain security.. Ubuntu Gzip Security Critical Updates Local Attack Denial of Service. . Severity: Critical. LinuxSecurity.com Team
* bsc#1236588 * bsc#1236590 Cross-References: * CVE-2025-0167 . # Security update for curl Announcement ID: SUSE-SU-2025:0370-1 Release Date: 2025-02-05T15:34:46Z Rating: moderate References: * bsc#1236588 * bsc#1236590 Cross-References: * CVE-2025-0167 * CVE-2025-0725 CVSS scores: * CVE-2025-0167 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-0167 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-0725 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-0725 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-0725 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2025-0725: Fixed gzip integer overflow(bsc#1236590) * CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-370=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-370=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-370=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-370=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 SUSE-SLE-Product- SLES_SAP-15-SP4-2025-370=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1 SUSE-SLE-Product- SLES_SAP-15-SP5-2025-370=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 SUSE-SLE-Product-SUSE- Manager-Proxy-4.3-2025-370=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 SUSE-SLE-Product-SUSE- Manager-Retail-Branch-Server-4.3-2025-370=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-370=1 SUSE- SLE-INSTALLER-15-SP4-2025-370=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-370=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 * SUSE Linux Enterprise High Performance Computing 15SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-370=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-370=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-370=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-370=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-370=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-370=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-370=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE LinuxEnterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Manager Proxy 4.3 (x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Manager Server 4.3 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * openSUSE Leap 15.4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl-devel-32bit-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libcurl4-64bit-debuginfo-8.0.1-150400.5.62.1 * libcurl-devel-64bit-8.0.1-150400.5.62.1 * libcurl4-64bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server15 SP5 (aarch64 ppc64le s390x x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) *curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 ## References: * https://www.suse.com/security/cve/CVE-2025-0167.html * https://www.suse.com/security/cve/CVE-2025-0725.html * https://bugzilla.suse.com/show_bug.cgi?id=1236588 * https://bugzilla.suse.com/show_bug.cgi?id=1236590 . SUSE has issued a vital update for curl, resolving two vulnerabilities that may cause crashes and credential leaks. Users should upgrade for better security and stability. curl update,SUSE security,patch management. . LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-4582 https://linux.oracle.com/errata/ELSA-2022-4582.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: gzip-1.10-9.el9_0.x86_64.rpm aarch64: gzip-1.10-9.el9_0.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates/gzip-1.10-9.el9_0.src.rpm Related CVEs: CVE-2022-1271 Description of changes: [1.10-9] - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 _______________________________________________ El-errata mailing list
gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 xz-5.2.2-2.el7_9.x86_64.rpm xz-debuginfo-5.2.2-2.el7_9.i686.rpm xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm xz-libs-5.2.2-2.el7_9.i686.rpm xz-libs-5.2.2-2.el7_9.x8 [More...]. Synopsis: Important: xz security update Advisory ID: SLSA-2022:5052-1 Issue Date: 2022-06-15 CVE Numbers: CVE-2022-1271 -- Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 x86_64 xz-5.2.2-2.el7_9.x86_64.rpm xz-debuginfo-5.2.2-2.el7_9.i686.rpm xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm xz-libs-5.2.2-2.el7_9.i686.rpm xz-libs-5.2.2-2.el7_9.x86_64.rpm xz-compat-libs-5.2.2-2.el7_9.i686.rpm xz-compat-libs-5.2.2-2.el7_9.x86_64.rpm xz-devel-5.2.2-2.el7_9.i686.rpm xz-devel-5.2.2-2.el7_9.x86_64.rpm xz-lzma-compat-5.2.2-2.el7_9.x86_64.rpm - Scientific Linux Development Team . Important security notice regarding Scientific Linux updates xz to resolve critical arbitrary-file-write vulnerability.. xz Security Update, Scientific Linux Alert, Arbitrary File Write, Linux Security Patch. . Severity: Critical. LinuxSecurity.com Team
An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: xz security update Advisory ID: RHSA-2022:4992-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4992 Issue date: 2022-06-13 CVE Names: CVE-2022-1271 ==================================================================== 1. Summary: An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: xz-5.2.4-4.el8_2.src.rpm aarch64: xz-5.2.4-4.el8_2.aarch64.rpm xz-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-debugsource-5.2.4-4.el8_2.aarch64.rpm xz-devel-5.2.4-4.el8_2.aarch64.rpm xz-libs-5.2.4-4.el8_2.aarch64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.aarch64.rpm ppc64le: xz-5.2.4-4.el8_2.ppc64le.rpm xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm xz-devel-5.2.4-4.el8_2.ppc64le.rpm xz-libs-5.2.4-4.el8_2.ppc64le.rpm xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm s390x: xz-5.2.4-4.el8_2.s390x.rpm xz-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-debugsource-5.2.4-4.el8_2.s390x.rpm xz-devel-5.2.4-4.el8_2.s390x.rpm xz-libs-5.2.4-4.el8_2.s390x.rpm xz-libs-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.s390x.rpm x86_64: xz-5.2.4-4.el8_2.x86_64.rpm xz-debuginfo-5.2.4-4.el8_2.i686.rpm xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-debugsource-5.2.4-4.el8_2.i686.rpm xz-debugsource-5.2.4-4.el8_2.x86_64.rpm xz-devel-5.2.4-4.el8_2.i686.rpm xz-devel-5.2.4-4.el8_2.x86_64.rpm xz-libs-5.2.4-4.el8_2.i686.rpm xz-libs-5.2.4-4.el8_2.x86_64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.i686.rpm xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.i686.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v.8.2): aarch64: xz-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-debugsource-5.2.4-4.el8_2.aarch64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-lzma-compat-5.2.4-4.el8_2.aarch64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.aarch64.rpm ppc64le: xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-lzma-compat-5.2.4-4.el8_2.ppc64le.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm s390x: xz-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-debugsource-5.2.4-4.el8_2.s390x.rpm xz-libs-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-lzma-compat-5.2.4-4.el8_2.s390x.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.s390x.rpm x86_64: xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-debugsource-5.2.4-4.el8_2.x86_64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-lzma-compat-5.2.4-4.el8_2.x86_64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYqcmgNzjgjWX9erEAQiFmA//QvLebq6O1ElGuQbAOcMZMk+essRRYnAD dqAwMuepS7op1u9FsHmugzWZLFHLEmekR9Kq2odyzkWc5FB73+Iv9eqw4iODcZhb IkDjQbZmHRrAjZ3GC2kHP/xL9SkYyAQICvGO6kBeunG7DXrZT2C24UllhBWnl2ST PLlXIL8k8IvzViacLrR7rtMZU1IsARPdn391bB8XMCGnuzL0D4Z3ncnGCgQ3u+20 raw4ZD5EY8aNzpd3E44l0BKkxxluFM6Td2KXIcK8hIyvSqbMSuOZiJTIfFgqY5Ms tjvfZBW8WVHwAWoD/nF7Ctv8GwvFRiypZnjtiiGEzxzl8ht63J5lqo/LgaY2upZM +AIH9aUNsTlSftKUU1/qHfzWIfTz9tpzSR/IMuKsomfCuZWkTU5cU/HyXn4gYmSH +OaiD06PZDxk0pjil19FbOvn36FWCprbM/KuKFsLMK0LSUXRIpzMfjR8Ok887fqS gtxbCRUacD/EUcIoqv8paV3R3J5ozP+PFmLBqrnNOhkyJ2JkdY22fZyZoDKQIATA 2b3mW4aPxrhNj0bnTj+5PmhaxK+LnZtrYf1WVx0Tv4HZWqv2kmqClT61kvrIcU1r 1VFSn7DhVquKaHtMe7InXjP62bnla47rTHBs/zcagfnkd8T3u4ZWrS2CiH3FBbft NUeDYdX5EhQ=4jHG -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: gzip security update Advisory ID: RHSA-2022:4582-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4582 Issue date: 2022-05-17 CVE Names: CVE-2022-1271 ==================================================================== 1. Summary: An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The gzip packages contain the gzip (GNU zip) data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073310 - CVE-2022-1271 gzip: arbitrary-file-writevulnerability 6. Package List: Red Hat Enterprise Linux BaseOS (v. 9): Source: gzip-1.10-9.el9_0.src.rpm aarch64: gzip-1.10-9.el9_0.aarch64.rpm gzip-debuginfo-1.10-9.el9_0.aarch64.rpm gzip-debugsource-1.10-9.el9_0.aarch64.rpm ppc64le: gzip-1.10-9.el9_0.ppc64le.rpm gzip-debuginfo-1.10-9.el9_0.ppc64le.rpm gzip-debugsource-1.10-9.el9_0.ppc64le.rpm s390x: gzip-1.10-9.el9_0.s390x.rpm gzip-debuginfo-1.10-9.el9_0.s390x.rpm gzip-debugsource-1.10-9.el9_0.s390x.rpm x86_64: gzip-1.10-9.el9_0.x86_64.rpm gzip-debuginfo-1.10-9.el9_0.x86_64.rpm gzip-debugsource-1.10-9.el9_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYpn+59zjgjWX9erEAQiwlBAAlZ4e1is7IaJFng3qIf3dY4ty5iQfv38X PbNSt0txur82w5UMoZN+sovCOgUS69rZTPUVJrGFCdbwRGDxPyrXNkmra0MwAEyq GNNYEoYAKwwgcDDd9+mEKlX+ePXAPSh32ve6abiicQGmO449loSkkvOL61WX3BQ6 JkXfmAA0a3ofIwWJ5MW/gamIw3qm0bsM/WeMKldw23EQBETu3DPKmk9sLq8fSxEx oTTvcGd1CsfshrNd0TlZVG51f+mXWBwnuJvMXn9PgKrX+bMRXkV95BxXVjWnw4Ve hUPxp/VJt6+dDaXgTC+iEjbfJEVau80ehIyEgM2pkk37ct3s9eJ78rlirqPbISxk bRLWXub1Q//BKoIhPEFzcTcuVbWW/HY2I8XgU/0iH3Ssnx98ccBvmfDYPI8hJbyk xHJuzxiFbk1NzgIjsJMGcxvtObI6+7w5ftKZKS1R5pTbb72+9HNgOFd53r6V8HCE 9cClIEiPh2NKOACcKVcFxZKVbZlOXFIeQv0KkTP0CQJseb7MWzxGUoox+NEj+tE9 slKe7YdOAYQH+vX9p5c5p++fzynF2QxxrYJC7xVY79uttCjRuxZhUuadHLij3duH pw7nMVOOKm91KE+taPFXjmRAmVHM/ubhS2ZQPlEyBA1S75dHKDOZY/BCPi3KDX7V ueOs8g52yG8=89q8 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update that contains security fixes can now be installed. . SUSE Security Update: Security update for gzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1673-1 Rating: important References: Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1673=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1673=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1673=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1673=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1673=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1673=1 - SUSE Linux EnterpriseServer 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1673=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1673=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1673=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1673=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1673=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE OpenStack Cloud 9 (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE OpenStack Cloud 8 (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - HPE Helion Openstack 8 (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 References: . SUSE has released a critical security patch for gzip, including detailed instructions on how to install the update for impacted products.. gzip security update,SUSE patches,important updates,installation instructions,OpenStack cloud security. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.