Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
100
security advisoryimportant updateSUSE Linux EnterpriseSUSE: 2022:1674-1 Important Gzip Security Fix Across Multiple Products
An update that contains security fixes can now be installed. . SUSE Security Update: Security update for gzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1674-1 Rating: important References: Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1674=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1674=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1674=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1674=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -tpatch SUSE-SLE-Product-SLES-15-2022-1674=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1674=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1674=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1674=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1674=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1674=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 - SUSE Linux Enterprise HighPerformance Computing 15-SP1-ESPOS (aarch64 x86_64): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 - SUSE CaaS Platform 4.0 (x86_64): gzip-1.10-150000.4.15.1 gzip-debuginfo-1.10-150000.4.15.1 gzip-debugsource-1.10-150000.4.15.1 References: . SUSE Security Patch for tar (SUSE-SU-2022:1680-1) provides critical updates for various distributions.. SUSE Update,gzip Fixes,Enterprise Storage,Patch Instructions,Security Update. . Severity: Important. LinuxSecurity.com Team
May 16, 2022
•Important
SuSE
200
security advisorycritical issuearbitrary file writeScientific Linux 7 SLSA-2022-2191-1 Critical: Gzip File Write Issue
gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm - Scientific Linux Development Team. Synopsis: Important: gzip security update Advisory ID: SLSA-2022:2191-1 Issue Date: 2022-05-11 CVE Numbers: CVE-2022-1271 -- Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 x86_64 gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm - Scientific Linux Development Team . Important gzip security patch released for Scientific Linux, addressing potential arbitrary file overwrite issue, advisory ID SLSA-2022:2191-1. gzip Security Update, Critical Gzip Fix, Scientific Linux Vulnerability. . Severity: Critical. LinuxSecurity.com Team
May 11, 2022
•Critical
Scientific Linux
98
security advisoryred hatimportant updateRHEL 7 RHSA-2022:2191-01 Important: Gzip Arbitrary File Write Issue
An update for gzip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: gzip security update Advisory ID: RHSA-2022:2191-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2191 Issue date: 2022-05-11 CVE Names: CVE-2022-1271 ==================================================================== 1. Summary: An update for gzip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The gzip packages contain the gzip (GNU zip) data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: gzip-1.5-11.el7_9.src.rpm x86_64: gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: gzip-1.5-11.el7_9.src.rpm x86_64: gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: gzip-1.5-11.el7_9.src.rpm ppc64: gzip-1.5-11.el7_9.ppc64.rpm gzip-debuginfo-1.5-11.el7_9.ppc64.rpm ppc64le: gzip-1.5-11.el7_9.ppc64le.rpm gzip-debuginfo-1.5-11.el7_9.ppc64le.rpm s390x: gzip-1.5-11.el7_9.s390x.rpm gzip-debuginfo-1.5-11.el7_9.s390x.rpm x86_64: gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: gzip-1.5-11.el7_9.src.rpm x86_64: gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYnw2EtzjgjWX9erEAQiLhg/9H2aZbZdZ9kxJ5xI/0CcYL4469A6+mi4R tKky9IcbxYKBvnX98AIGDCS5BP88T7avpHUK1+aIcbf09gX+RSuX8sDL97ysHeLy i3CMdPy8FjVYTpTzRgWrd7HRiSp+nzL/2nhBF2nOzehGsq28h3RPzUKKPpqkoKKs +0BVUNEikff0BWhfU0u2HNivaXNNACQSf0O9nzpWlFrmDW6XShQs1Nbg+G6L8q+f ydxFNVuaCWSvzeF9tkWkwy+D+c2FRQdKiZa1QMLf0itFfP38p1bL9GE84w7ZycAS d3MuYs1Z3wtptegJcHQXrH2K7ckQvUm+2blc4NSFYOUuBnmrzJLvsOv7hunKhxEg eX6CM/yBB5EFGayhjXlxj2oqUEjpgRv9zsTIny5o02OAbLB3OlDGgjjcJttGgV9R xsELTOeXxsc7IwyzuzXCRyUlobohj90i0UBUBZtIALauHO9lnFWV59E8YftyDFxK lmSTXs4b3kVUCY8UdcotySOdxp/IjKZcOPDDta3iPSdTKuv2RybZfNsp6TMRfEqD eZuZQUWW2HeprLYi6WNkNGSQdrYDx0G/fRk42A7Gy98Av4vA1oyPq7KacmVOPma6 vpaxsHTyDnPxrg6BPXZ/Fnt8fLfmBt7IzKCBK5e6wY0SbLknZorPvUPvl7sLUtEF FfoWAD978A8=7VPS -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 11, 2022
•Important
Red Hat
100
security advisorysoftware updateimportantSUSE: 2022:1617-1 Important: Gzip Filename Escape Security Patch
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for gzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1617-1 Rating: important References: #1198062 #1198922 Cross-References: CVE-2022-1271 CVSS scores: CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1617=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1617=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1617=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1617=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1617=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1617=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1617=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1617=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1617=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1617=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1617=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1617=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1617=1 - SUSE Linux EnterpriseMicro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1617=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1617=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1617=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1617=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Manager Proxy 4.1 (x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 References: https://www.suse.com/security/cve/CVE-2022-1271.html https://bugzilla.suse.com/1198062 https://bugzilla.suse.com/1198922 . Important advisory regarding gzip patching security flaws, particularly concerning filename exposure risks within SUSE environments.. gzip security update,SUSE gzip advisory,filename escape patch,SUSE update importance,security issue resolution. . Severity: Important. LinuxSecurity.com Team
May 10, 2022
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!