CentOS Errata and Security Advisory 2022:5052 Important

Upstream details at: https://access.redhat.com/errata/RHSA-2022:5052

The following updated files have been uploaded and are currently syncing to the mirrors: (sha256sum Filename)

x86_64:
775f41c9398da339ae50faf7692eb4b9de783c58e046c6c24f659c666b25eb48  xz-5.2.2-2.el7_9.x86_64.rpm
aa0a9aa8e1958293d8bb429a513a459f4abafa838c9e217974640cfcd36c5e3a  xz-compat-libs-5.2.2-2.el7_9.i686.rpm
2cb993f044a866a8d47b449c45f92f04540a139e5b827a0b845f6c9600d83af6  xz-compat-libs-5.2.2-2.el7_9.x86_64.rpm
4ddc7a2a317dc75228322785e2290c04acd3263ac771458097e5f402bb10508a  xz-devel-5.2.2-2.el7_9.i686.rpm
8c62263350421e7c3081b4a531f8e15ef5bfb5e410a34687ca4a799ff23362ef  xz-devel-5.2.2-2.el7_9.x86_64.rpm
86b3087af0b5a421efcfc192824973fcedcaee28a0e78bdb52d9101ffee96ebc  xz-libs-5.2.2-2.el7_9.i686.rpm
4b698de5fd7e0a64306106f3018e9d00dedc1f7a46d354339f012c97d004bd0c  xz-libs-5.2.2-2.el7_9.x86_64.rpm
c16b5a1bf49c89cb3789f39c8dd6db6309830df4d3274cfa0ea3d38e38f0ebb8  xz-lzma-compat-5.2.2-2.el7_9.x86_64.rpm

Source:
0d2e8869dac71d85de14a678e54c2a4bb4e7bd8a059b18d09523a2dabd81207f  xz-5.2.2-2.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { https://www.centos.org/ }
irc: hughesjr, #
Oracle Linux Security Advisory ELSA-2022-4991
https://linux.oracle.com/errata/ELSA-2022-4991.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
xz-5.2.4-4.el8_6.x86_64.rpm
xz-devel-5.2.4-4.el8_6.i686.rpm
xz-devel-5.2.4-4.el8_6.x86_64.rpm
xz-libs-5.2.4-4.el8_6.i686.rpm
xz-libs-5.2.4-4.el8_6.x86_64.rpm
xz-lzma-compat-5.2.4-4.el8_6.x86_64.rpm

aarch64:
xz-5.2.4-4.el8_6.aarch64.rpm
xz-devel-5.2.4-4.el8_6.aarch64.rpm
xz-libs-5.2.4-4.el8_6.aarch64.rpm
xz-lzma-compat-5.2.4-4.el8_6.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates/xz-5.2.4-4.el8_6.src.rpm

Related CVEs:
CVE-2022-1271

Description of changes:

[5.2.4-4]
- Fix arbitrary file write vulnerability
  Resolves: CVE-2022-1271

_______________________________________________
El-errata mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] xz (SSA:2022-104-03)

New xz packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/xz-5.2.5-i586-4_slack15.0.txz: Rebuilt.
  This update fixes a security issue:
  xzgrep applied to a crafted file name with two or more newlines can no
  longer overwrite an arbitrary, attacker-selected file.
  For more information, see:
  https://www.cve.org/CVERecord?id=CVE-2022-1271
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 14.0:

Updated package for Slackware x86_64 14.0:

Updated package for Slackware 14.1:

Updated package for Slackware x86_64 14.1:

Updated package for Slackware 14.2:

Updated package for Slackware x86_64 14.2:

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xz-5.2.5-i586-4_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xz-5.2.5-x86_64-4_slack15.0.txz

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 14.0 package:
4835722bc7066487363c2b8dda562105  xz-5.2.5-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
2ca6548bd35db4f5b5eaefe90c6070e2  xz-5.2.5-x86_64-1_slack14.0.txz

Slackware 14.1 package:
35cd2b7b3f0bf24a81abd05a80e8c344  xz-5.2.5-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
06043e25eaa9f4f8d336afa0023ee232  xz-5.2.5-x86_64-1_slack14.1.txz

Slackware 14.2 package:
044d7f03cf85a715d799e8958ddc68c3  xz-5.2.5-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
4e7967ca1fe883c106def6f645b01277  xz-5.2.5-x86_64-1_slack14.2.txz

Slackware 15.0 package:
958add191fc9193317814c57fe5e397f  xz-5.2.5-i586-4_slack15.0.txz

Slackware x86_64 15.0 package:
af5cd05a54de11889a90f5309d65af7a  xz-5.2.5-x86_64-4_slack15.0.txz

Slackware -current package:
a105af7063968ce0c4373359247b05a1  a/xz-5.2.5-i586-4.txz

Slackware x86_64 -current package:
7b9a9cbec402562daf8411eecc886498  a/xz-5.2.5-x86_64-4.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg xz-5.2.5-i586-4_slack15.0.txz

+-----+

Severity: Important
LinuxSecurity.com Team
Arch Linux Security Advisory ASA-202204-8
=========================================

Severity: High
Date    : 2022-04-07
CVE-ID  : CVE-2022-1271
Package : xz
Type    : arbitrary command execution
Remote  : No
Link    : https://security.archlinux.org/AVG-2665

Summary
=======

The package xz before version 5.2.5-3 is vulnerable to arbitrary command execution.

Resolution
==========

Upgrade to 5.2.5-3.

# pacman -Syu "xz>=5.2.5-3"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

Malicious filenames with two or more newlines can make zgrep and xzgrep write to arbitrary files or (with a GNU sed extension) lead to arbitrary code execution.

The issue with the old code is that with multiple newlines, the N-command will read the second line of input, then the s-commands will be skipped because it's not the end of the file yet, then a new sed cycle starts and the pattern space is printed and emptied. So only the last line or two get escaped.

Impact
======

An attacker is able to provide malicious filenames to write to arbitrary files or execute arbitrary commands on the affected host.

References
==========

https://cgit.git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c
https://savannah.gnu.org/forum/forum.php?forum_id=10157
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch.sig
https://security.archlinux.org/CVE-2022-1271
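The Arch description above explains why the old escaping failed: sed escaped the file name one cycle at a time, so with two or more newlines the earlier lines left the pattern space unescaped. The shell snippet below is an added example, written for this page; it is not code from the Arch advisory, the xz project or gzip, and the function names (escape_sed_replacement, is_single_line, label_lines) and the constructed sample name are my own. It shows the property a packager wants from such an escaper: every line of the name is gathered into the pattern space before any escaping happens, so the result is always a single line that cannot terminate the `s` command and start another sed command, however many newlines the name contains.

```shell
#!/bin/sh
# Added example (not xz/gzip code): escape a file name so it can be placed in
# the replacement side of a one-line sed "s|^|NAME:|" script without breaking
# out of that command, even when NAME contains two or more newlines.

NL='
'

# escape_sed_replacement NAME
# Joins ALL lines of NAME into the pattern space first ($!N in a loop), then
# escapes &, the | delimiter and backslash, and finally rewrites each embedded
# newline as the two characters "\n". Backslashes are doubled before newlines
# are rewritten, so a name that literally contains "\n" stays distinguishable
# from a name that contains a real newline.
escape_sed_replacement() {
    printf '%s\n' "$1" | sed \
        -e ':a' \
        -e '$!N' \
        -e '$!ba' \
        -e 's/[&\\|]/\\&/g' \
        -e 's/\n/\\n/g'
}

# is_single_line STRING
# Succeeds only when STRING contains no raw newline; a raw newline is exactly
# what would let an interpolated name end the s command and begin a new one.
is_single_line() {
    case $1 in
        *"$NL"*) return 1 ;;
    esac
    return 0
}

# label_lines NAME
# Prefixes every line of stdin with "NAME:", the way a multi-file grep wrapper
# labels its matches, refusing to build the sed script if escaping somehow
# produced more than one line.
label_lines() {
    esc=$(escape_sed_replacement "$1")
    is_single_line "$esc" || { echo "refusing to build sed script" >&2; return 1; }
    sed "s|^|${esc}:|"
}

# Demo on a constructed name with three embedded newlines (not a real file).
name=$(printf 'one\ntwo\nthree\nfour')
printf 'escaped: %s\n' "$(escape_sed_replacement "$name")"
printf 'match\n' | label_lines "$name"
```

Running the demo prints `escaped: one\ntwo\nthree\nfour` on one line, and the labelled match reproduces the four-line name followed by `:match`; the name is emitted as data by the replacement, never interpreted as sed commands. The `$!N` loop matters because a plain `N` would, in POSIX sed, quit without printing on single-line input; with `$!N` a one-line name passes straight through to the escaping commands.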
SUSE Security Update: Security update for xz
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1160-1
Rating:             important
References:         #1198062
Cross-References:   CVE-2022-1271
CVSS scores:
                    CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    HPE Helion Openstack 8
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1160=1

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1160=1

- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1160=1

- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1160=1

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1160=1

- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1160=1

- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1160=1

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1160=1

- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1160=1

- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-LTSS-2022-1160=1

- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1160=1

- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1160=1

- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2022-1160=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- SUSE OpenStack Cloud Crowbar 8 (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- SUSE OpenStack Cloud 9 (x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- SUSE OpenStack Cloud 9 (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE OpenStack Cloud 8 (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE OpenStack Cloud 8 (x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1
  xz-devel-5.0.5-6.7.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1

- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1

- SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP5 (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
  xz-lang-5.0.5-6.7.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

- HPE Helion Openstack 8 (noarch):
  xz-lang-5.0.5-6.7.1

- HPE Helion Openstack 8 (x86_64):
  liblzma5-32bit-5.0.5-6.7.1
  liblzma5-5.0.5-6.7.1
  liblzma5-debuginfo-32bit-5.0.5-6.7.1
  liblzma5-debuginfo-5.0.5-6.7.1
  xz-5.0.5-6.7.1
  xz-debuginfo-5.0.5-6.7.1
  xz-debugsource-5.0.5-6.7.1

References:

https://www.suse.com/security/cve/CVE-2022-1271.html
https://bugzilla.suse.com/1198062