Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 42 articles for you...
203

Mageia Gzip Critical Buffer Overflow Predictable File Vuln 2026-0245

Security update. Publication date: 13 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0245.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-41991, CVE-2026-41992 Description: The updated package fixes security vulnerabilities: Predictable Temporary File in GNU gzip. (CVE-2026-41991) Global Buffer Overflow in GNU gzip. (CVE-2026-41992) References: - https://bugs.mageia.org/show_bug.cgi?id=35849 - https://ubuntu.com/security/notices/USN-8512-1 - https://www.cve.org/CVERecord?id=CVE-2026-41991 - https://www.cve.org/CVERecord?id=CVE-2026-41992 SRPMS: - 10/core/gzip-1.14-2.1.mga10 - 9/core/gzip-1.12-1.1.mga9 . Updated gzip package in Mageia addresses critical buffer overflow and predictable file issues for enhanced security.. Mageia Gzip Buffer Overflow Predictable File Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Critical Mageia
172

Ubuntu Gzip Critical Denial Of Service Local Attack USN-8512-1

Several security issues were fixed in Gzip.. ========================================================================== Ubuntu Security Notice USN-8512-1 July 06, 2026 gzip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Gzip. Software Description: - gzip: GNU compression utilities Details: It was discovered that Gzip's gzexe utility handled temporary files in an insecure manner. When the mktemp utility was not available, gzexe constructed a temporary file path based on the process ID, which could be predicted. A local attacker could possibly use this issue to overwrite arbitrary files via a symlink attack. (CVE-2026-41991) It was discovered that Gzip incorrectly handled certain compressed files. An attacker could possibly use this issue to obtain sensitive information or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS gzip 1.14-1~exp2ubuntu1.1 Ubuntu 24.04 LTS gzip 1.12-1ubuntu3.2 Ubuntu 22.04 LTS gzip 1.10-4ubuntu4.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8512-1 CVE-2026-41991, CVE-2026-41992 Package Information: https://launchpad.net/ubuntu/+source/gzip/1.14-1~exp2ubuntu1.1 https://launchpad.net/ubuntu/+source/gzip/1.12-1ubuntu3.2 https://launchpad.net/ubuntu/+source/gzip/1.10-4ubuntu4.2 . Several critical security issues were resolved in Gzip affecting multiple Ubuntu releases. Update to maintain security.. Ubuntu Gzip Security Critical Updates Local Attack Denial of Service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Critical Ubuntu
100

SUSE: 2025:0370-1 moderate: curl integer overflow and credential leak

* bsc#1236588 * bsc#1236590 Cross-References: * CVE-2025-0167 . # Security update for curl Announcement ID: SUSE-SU-2025:0370-1 Release Date: 2025-02-05T15:34:46Z Rating: moderate References: * bsc#1236588 * bsc#1236590 Cross-References: * CVE-2025-0167 * CVE-2025-0725 CVSS scores: * CVE-2025-0167 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-0167 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-0725 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-0725 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-0725 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2025-0725: Fixed gzip integer overflow(bsc#1236590) * CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-370=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-370=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-370=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-370=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 SUSE-SLE-Product- SLES_SAP-15-SP4-2025-370=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1 SUSE-SLE-Product- SLES_SAP-15-SP5-2025-370=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 SUSE-SLE-Product-SUSE- Manager-Proxy-4.3-2025-370=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 SUSE-SLE-Product-SUSE- Manager-Retail-Branch-Server-4.3-2025-370=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-370=1 SUSE- SLE-INSTALLER-15-SP4-2025-370=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-370=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2025-370=1 * SUSE Linux Enterprise High Performance Computing 15SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2025-370=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-370=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-370=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-370=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-370=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-370=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-370=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-370=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE LinuxEnterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Manager Proxy 4.3 (x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Manager Server 4.3 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * openSUSE Leap 15.4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl-devel-32bit-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libcurl4-64bit-debuginfo-8.0.1-150400.5.62.1 * libcurl-devel-64bit-8.0.1-150400.5.62.1 * libcurl4-64bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Server15 SP5 (aarch64 ppc64le s390x x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libcurl4-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) *curl-debuginfo-8.0.1-150400.5.62.1 * curl-debugsource-8.0.1-150400.5.62.1 * libcurl4-8.0.1-150400.5.62.1 * libcurl-devel-8.0.1-150400.5.62.1 * libcurl4-debuginfo-8.0.1-150400.5.62.1 * curl-8.0.1-150400.5.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.62.1 * libcurl4-32bit-8.0.1-150400.5.62.1 ## References: * https://www.suse.com/security/cve/CVE-2025-0167.html * https://www.suse.com/security/cve/CVE-2025-0725.html * https://bugzilla.suse.com/show_bug.cgi?id=1236588 * https://bugzilla.suse.com/show_bug.cgi?id=1236590 . SUSE has issued a vital update for curl, resolving two vulnerabilities that may cause crashes and credential leaks. Users should upgrade for better security and stability. curl update,SUSE security,patch management. . LinuxSecurity.com Team

Calendar%202 Feb 06, 2025 SuSE
217

Oracle Linux 9 ELSA-2022-4582: Critical Gzip Arbitrary-Write Fix

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-4582 https://linux.oracle.com/errata/ELSA-2022-4582.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: gzip-1.10-9.el9_0.x86_64.rpm aarch64: gzip-1.10-9.el9_0.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates/gzip-1.10-9.el9_0.src.rpm Related CVEs: CVE-2022-1271 Description of changes: [1.10-9] - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 has rolled out a critical update for gzip, focusing on resolving a vulnerability related to arbitrary file write capabilities. Learn more within.. gzip Security Update, Oracle Linux Advisory, ELSA-2022-4582. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 01, 2022 Critical Oracle
200

Scientific Linux SL7 SLSA-2022-5052-1 Critical: Gzip File Write

gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 xz-5.2.2-2.el7_9.x86_64.rpm xz-debuginfo-5.2.2-2.el7_9.i686.rpm xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm xz-libs-5.2.2-2.el7_9.i686.rpm xz-libs-5.2.2-2.el7_9.x8 [More...]. Synopsis: Important: xz security update Advisory ID: SLSA-2022:5052-1 Issue Date: 2022-06-15 CVE Numbers: CVE-2022-1271 -- Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 x86_64 xz-5.2.2-2.el7_9.x86_64.rpm xz-debuginfo-5.2.2-2.el7_9.i686.rpm xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm xz-libs-5.2.2-2.el7_9.i686.rpm xz-libs-5.2.2-2.el7_9.x86_64.rpm xz-compat-libs-5.2.2-2.el7_9.i686.rpm xz-compat-libs-5.2.2-2.el7_9.x86_64.rpm xz-devel-5.2.2-2.el7_9.i686.rpm xz-devel-5.2.2-2.el7_9.x86_64.rpm xz-lzma-compat-5.2.2-2.el7_9.x86_64.rpm - Scientific Linux Development Team . Important security notice regarding Scientific Linux updates xz to resolve critical arbitrary-file-write vulnerability.. xz Security Update, Scientific Linux Alert, Arbitrary File Write, Linux Security Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 15, 2022 Critical Scientific Linux
98

Ubuntu 20.04: USN-2022-5003-02 Critical: tar Improper-File-Handling

An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: xz security update Advisory ID: RHSA-2022:4992-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4992 Issue date: 2022-06-13 CVE Names: CVE-2022-1271 ==================================================================== 1. Summary: An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: xz-5.2.4-4.el8_2.src.rpm aarch64: xz-5.2.4-4.el8_2.aarch64.rpm xz-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-debugsource-5.2.4-4.el8_2.aarch64.rpm xz-devel-5.2.4-4.el8_2.aarch64.rpm xz-libs-5.2.4-4.el8_2.aarch64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.aarch64.rpm ppc64le: xz-5.2.4-4.el8_2.ppc64le.rpm xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm xz-devel-5.2.4-4.el8_2.ppc64le.rpm xz-libs-5.2.4-4.el8_2.ppc64le.rpm xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm s390x: xz-5.2.4-4.el8_2.s390x.rpm xz-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-debugsource-5.2.4-4.el8_2.s390x.rpm xz-devel-5.2.4-4.el8_2.s390x.rpm xz-libs-5.2.4-4.el8_2.s390x.rpm xz-libs-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.s390x.rpm x86_64: xz-5.2.4-4.el8_2.x86_64.rpm xz-debuginfo-5.2.4-4.el8_2.i686.rpm xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-debugsource-5.2.4-4.el8_2.i686.rpm xz-debugsource-5.2.4-4.el8_2.x86_64.rpm xz-devel-5.2.4-4.el8_2.i686.rpm xz-devel-5.2.4-4.el8_2.x86_64.rpm xz-libs-5.2.4-4.el8_2.i686.rpm xz-libs-5.2.4-4.el8_2.x86_64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.i686.rpm xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.i686.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v.8.2): aarch64: xz-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-debugsource-5.2.4-4.el8_2.aarch64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.aarch64.rpm xz-lzma-compat-5.2.4-4.el8_2.aarch64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.aarch64.rpm ppc64le: xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm xz-lzma-compat-5.2.4-4.el8_2.ppc64le.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm s390x: xz-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-debugsource-5.2.4-4.el8_2.s390x.rpm xz-libs-debuginfo-5.2.4-4.el8_2.s390x.rpm xz-lzma-compat-5.2.4-4.el8_2.s390x.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.s390x.rpm x86_64: xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-debugsource-5.2.4-4.el8_2.x86_64.rpm xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm xz-lzma-compat-5.2.4-4.el8_2.x86_64.rpm xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYqcmgNzjgjWX9erEAQiFmA//QvLebq6O1ElGuQbAOcMZMk+essRRYnAD dqAwMuepS7op1u9FsHmugzWZLFHLEmekR9Kq2odyzkWc5FB73+Iv9eqw4iODcZhb IkDjQbZmHRrAjZ3GC2kHP/xL9SkYyAQICvGO6kBeunG7DXrZT2C24UllhBWnl2ST PLlXIL8k8IvzViacLrR7rtMZU1IsARPdn391bB8XMCGnuzL0D4Z3ncnGCgQ3u+20 raw4ZD5EY8aNzpd3E44l0BKkxxluFM6Td2KXIcK8hIyvSqbMSuOZiJTIfFgqY5Ms tjvfZBW8WVHwAWoD/nF7Ctv8GwvFRiypZnjtiiGEzxzl8ht63J5lqo/LgaY2upZM +AIH9aUNsTlSftKUU1/qHfzWIfTz9tpzSR/IMuKsomfCuZWkTU5cU/HyXn4gYmSH +OaiD06PZDxk0pjil19FbOvn36FWCprbM/KuKFsLMK0LSUXRIpzMfjR8Ok887fqS gtxbCRUacD/EUcIoqv8paV3R3J5ozP+PFmLBqrnNOhkyJ2JkdY22fZyZoDKQIATA 2b3mW4aPxrhNj0bnTj+5PmhaxK+LnZtrYf1WVx0Tv4HZWqv2kmqClT61kvrIcU1r 1VFSn7DhVquKaHtMe7InXjP62bnla47rTHBs/zcagfnkd8T3u4ZWrS2CiH3FBbft NUeDYdX5EhQ=4jHG -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . An important xz patch has been released for Red Hat Enterprise Linux 8.2, addressing vulnerabilities in compression utilities.. Red Hat Security, xz Update, Important Security Advisory, Arbitrary File Write. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 13, 2022 Important Red Hat
98

Red Hat Enterprise Linux 9 RHSA-2022:4582-01 Important Gzip Fix

An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: gzip security update Advisory ID: RHSA-2022:4582-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4582 Issue date: 2022-05-17 CVE Names: CVE-2022-1271 ==================================================================== 1. Summary: An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The gzip packages contain the gzip (GNU zip) data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073310 - CVE-2022-1271 gzip: arbitrary-file-writevulnerability 6. Package List: Red Hat Enterprise Linux BaseOS (v. 9): Source: gzip-1.10-9.el9_0.src.rpm aarch64: gzip-1.10-9.el9_0.aarch64.rpm gzip-debuginfo-1.10-9.el9_0.aarch64.rpm gzip-debugsource-1.10-9.el9_0.aarch64.rpm ppc64le: gzip-1.10-9.el9_0.ppc64le.rpm gzip-debuginfo-1.10-9.el9_0.ppc64le.rpm gzip-debugsource-1.10-9.el9_0.ppc64le.rpm s390x: gzip-1.10-9.el9_0.s390x.rpm gzip-debuginfo-1.10-9.el9_0.s390x.rpm gzip-debugsource-1.10-9.el9_0.s390x.rpm x86_64: gzip-1.10-9.el9_0.x86_64.rpm gzip-debuginfo-1.10-9.el9_0.x86_64.rpm gzip-debugsource-1.10-9.el9_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYpn+59zjgjWX9erEAQiwlBAAlZ4e1is7IaJFng3qIf3dY4ty5iQfv38X PbNSt0txur82w5UMoZN+sovCOgUS69rZTPUVJrGFCdbwRGDxPyrXNkmra0MwAEyq GNNYEoYAKwwgcDDd9+mEKlX+ePXAPSh32ve6abiicQGmO449loSkkvOL61WX3BQ6 JkXfmAA0a3ofIwWJ5MW/gamIw3qm0bsM/WeMKldw23EQBETu3DPKmk9sLq8fSxEx oTTvcGd1CsfshrNd0TlZVG51f+mXWBwnuJvMXn9PgKrX+bMRXkV95BxXVjWnw4Ve hUPxp/VJt6+dDaXgTC+iEjbfJEVau80ehIyEgM2pkk37ct3s9eJ78rlirqPbISxk bRLWXub1Q//BKoIhPEFzcTcuVbWW/HY2I8XgU/0iH3Ssnx98ccBvmfDYPI8hJbyk xHJuzxiFbk1NzgIjsJMGcxvtObI6+7w5ftKZKS1R5pTbb72+9HNgOFd53r6V8HCE 9cClIEiPh2NKOACcKVcFxZKVbZlOXFIeQv0KkTP0CQJseb7MWzxGUoox+NEj+tE9 slKe7YdOAYQH+vX9p5c5p++fzynF2QxxrYJC7xVY79uttCjRuxZhUuadHLij3duH pw7nMVOOKm91KE+taPFXjmRAmVHM/ubhS2ZQPlEyBA1S75dHKDOZY/BCPi3KDX7V ueOs8g52yG8=89q8 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Important security alert: Gzip for Red Hat Enterprise Linux 9 has a vulnerability that may permit arbitrary file writes. An updateoutlines remediation steps.. gzip Security Update, Red Hat Enterprise Linux, Important Security Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 03, 2022 Important Red Hat
100

SUSE 12-SP4: SUSE-SU-2022:1673-1 Important Gzip Security Fix

An update that contains security fixes can now be installed. . SUSE Security Update: Security update for gzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1673-1 Rating: important References: Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1673=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1673=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1673=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1673=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1673=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1673=1 - SUSE Linux EnterpriseServer 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1673=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1673=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1673=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1673=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1673=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE OpenStack Cloud 9 (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE OpenStack Cloud 8 (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 - HPE Helion Openstack 8 (x86_64): gzip-1.6-9.9.1 gzip-debuginfo-1.6-9.9.1 gzip-debugsource-1.6-9.9.1 References: . SUSE has released a critical security patch for gzip, including detailed instructions on how to install the update for impacted products.. gzip security update,SUSE patches,important updates,installation instructions,OpenStack cloud security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 16, 2022 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200