=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: xz security update
Advisory ID:       RHSA-2022:4994-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4994
Issue date:        2022-06-13
CVE Names:         CVE-2022-1271
=====================================================================

1. Summary:

An update for xz is now available for Red Hat Enterprise Linux 8.1 Update
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

XZ Utils is an integrated collection of user-space file compression
utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which
performs lossless data compression. The algorithm provides a high
compression ratio while keeping the decompression time short.

Security Fix(es):

* gzip: arbitrary-file-write vulnerability (CVE-2022-1271)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:
xz-5.2.4-4.el8_1.src.rpm

aarch64:
xz-5.2.4-4.el8_1.aarch64.rpm
xz-debuginfo-5.2.4-4.el8_1.aarch64.rpm
xz-debugsource-5.2.4-4.el8_1.aarch64.rpm
xz-devel-5.2.4-4.el8_1.aarch64.rpm
xz-libs-5.2.4-4.el8_1.aarch64.rpm
xz-libs-debuginfo-5.2.4-4.el8_1.aarch64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_1.aarch64.rpm

ppc64le:
xz-5.2.4-4.el8_1.ppc64le.rpm
xz-debuginfo-5.2.4-4.el8_1.ppc64le.rpm
xz-debugsource-5.2.4-4.el8_1.ppc64le.rpm
xz-devel-5.2.4-4.el8_1.ppc64le.rpm
xz-libs-5.2.4-4.el8_1.ppc64le.rpm
xz-libs-debuginfo-5.2.4-4.el8_1.ppc64le.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_1.ppc64le.rpm

s390x:
xz-5.2.4-4.el8_1.s390x.rpm
xz-debuginfo-5.2.4-4.el8_1.s390x.rpm
xz-debugsource-5.2.4-4.el8_1.s390x.rpm
xz-devel-5.2.4-4.el8_1.s390x.rpm
xz-libs-5.2.4-4.el8_1.s390x.rpm
xz-libs-debuginfo-5.2.4-4.el8_1.s390x.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_1.s390x.rpm

x86_64:
xz-5.2.4-4.el8_1.x86_64.rpm
xz-debuginfo-5.2.4-4.el8_1.i686.rpm
xz-debuginfo-5.2.4-4.el8_1.x86_64.rpm
xz-debugsource-5.2.4-4.el8_1.i686.rpm
xz-debugsource-5.2.4-4.el8_1.x86_64.rpm
xz-devel-5.2.4-4.el8_1.i686.rpm
xz-devel-5.2.4-4.el8_1.x86_64.rpm
xz-libs-5.2.4-4.el8_1.i686.rpm
xz-libs-5.2.4-4.el8_1.x86_64.rpm
xz-libs-debuginfo-5.2.4-4.el8_1.i686.rpm
xz-libs-debuginfo-5.2.4-4.el8_1.x86_64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_1.i686.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.