RHSA-2022:4993: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1271: gzip: arbitrary-file-write vulnerability
Red Hat Security Data

Synopsis

Important: xz security update

Type/Severity

Security Advisory: Important

Topic

An update for xz is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

Security Fix(es):

  • gzip: arbitrary-file-write vulnerability (CVE-2022-1271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64

Fixes

  • BZ - 2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM

xz-5.2.4-4.el8_4.src.rpm

x86_64

xz-5.2.4-4.el8_4.x86_64.rpm

xz-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-debuginfo-5.2.4-4.el8_4.x86_64.rpm

xz-debugsource-5.2.4-4.el8_4.i686.rpm

xz-debugsource-5.2.4-4.el8_4.x86_64.rpm

xz-devel-5.2.4-4.el8_4.i686.rpm

xz-devel-5.2.4-4.el8_4.x86_64.rpm

xz-libs-5.2.4-4.el8_4.i686.rpm

xz-libs-5.2.4-4.el8_4.x86_64.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.x86_64.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.x86_64.rpm

Red Hat Enterprise Linux Server - AUS 8.4

SRPM

xz-5.2.4-4.el8_4.src.rpm

x86_64

xz-5.2.4-4.el8_4.x86_64.rpm

xz-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-debuginfo-5.2.4-4.el8_4.x86_64.rpm

xz-debugsource-5.2.4-4.el8_4.i686.rpm

xz-debugsource-5.2.4-4.el8_4.x86_64.rpm

xz-devel-5.2.4-4.el8_4.i686.rpm

xz-devel-5.2.4-4.el8_4.x86_64.rpm

xz-libs-5.2.4-4.el8_4.i686.rpm

xz-libs-5.2.4-4.el8_4.x86_64.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.x86_64.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM

xz-5.2.4-4.el8_4.src.rpm

s390x

xz-5.2.4-4.el8_4.s390x.rpm

xz-debuginfo-5.2.4-4.el8_4.s390x.rpm

xz-debugsource-5.2.4-4.el8_4.s390x.rpm

xz-devel-5.2.4-4.el8_4.s390x.rpm

xz-libs-5.2.4-4.el8_4.s390x.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.s390x.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM

xz-5.2.4-4.el8_4.src.rpm

ppc64le

xz-5.2.4-4.el8_4.ppc64le.rpm

xz-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

xz-debugsource-5.2.4-4.el8_4.ppc64le.rpm

xz-devel-5.2.4-4.el8_4.ppc64le.rpm

xz-libs-5.2.4-4.el8_4.ppc64le.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

Red Hat Enterprise Linux Server - TUS 8.4

SRPM

xz-5.2.4-4.el8_4.src.rpm

x86_64

xz-5.2.4-4.el8_4.x86_64.rpm

xz-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-debuginfo-5.2.4-4.el8_4.x86_64.rpm

xz-debugsource-5.2.4-4.el8_4.i686.rpm

xz-debugsource-5.2.4-4.el8_4.x86_64.rpm

xz-devel-5.2.4-4.el8_4.i686.rpm

xz-devel-5.2.4-4.el8_4.x86_64.rpm

xz-libs-5.2.4-4.el8_4.i686.rpm

xz-libs-5.2.4-4.el8_4.x86_64.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.x86_64.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.x86_64.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM

xz-5.2.4-4.el8_4.src.rpm

aarch64

xz-5.2.4-4.el8_4.aarch64.rpm

xz-debuginfo-5.2.4-4.el8_4.aarch64.rpm

xz-debugsource-5.2.4-4.el8_4.aarch64.rpm

xz-devel-5.2.4-4.el8_4.aarch64.rpm

xz-libs-5.2.4-4.el8_4.aarch64.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.aarch64.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM

xz-5.2.4-4.el8_4.src.rpm

ppc64le

xz-5.2.4-4.el8_4.ppc64le.rpm

xz-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

xz-debugsource-5.2.4-4.el8_4.ppc64le.rpm

xz-devel-5.2.4-4.el8_4.ppc64le.rpm

xz-libs-5.2.4-4.el8_4.ppc64le.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM

xz-5.2.4-4.el8_4.src.rpm

x86_64

xz-5.2.4-4.el8_4.x86_64.rpm

xz-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-debuginfo-5.2.4-4.el8_4.x86_64.rpm

xz-debugsource-5.2.4-4.el8_4.i686.rpm

xz-debugsource-5.2.4-4.el8_4.x86_64.rpm

xz-devel-5.2.4-4.el8_4.i686.rpm

xz-devel-5.2.4-4.el8_4.x86_64.rpm

xz-libs-5.2.4-4.el8_4.i686.rpm

xz-libs-5.2.4-4.el8_4.x86_64.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.x86_64.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.i686.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4

SRPM

x86_64

xz-debuginfo-5.2.4-4.el8_4.x86_64.rpm

xz-debugsource-5.2.4-4.el8_4.x86_64.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.x86_64.rpm

xz-lzma-compat-5.2.4-4.el8_4.x86_64.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4

SRPM

ppc64le

xz-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

xz-debugsource-5.2.4-4.el8_4.ppc64le.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

xz-lzma-compat-5.2.4-4.el8_4.ppc64le.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.ppc64le.rpm

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.4

SRPM

s390x

xz-debuginfo-5.2.4-4.el8_4.s390x.rpm

xz-debugsource-5.2.4-4.el8_4.s390x.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.s390x.rpm

xz-lzma-compat-5.2.4-4.el8_4.s390x.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.s390x.rpm

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4

SRPM

aarch64

xz-debuginfo-5.2.4-4.el8_4.aarch64.rpm

xz-debugsource-5.2.4-4.el8_4.aarch64.rpm

xz-libs-debuginfo-5.2.4-4.el8_4.aarch64.rpm

xz-lzma-compat-5.2.4-4.el8_4.aarch64.rpm

xz-lzma-compat-debuginfo-5.2.4-4.el8_4.aarch64.rpm

Related news

RHSA-2023:4053: Red Hat Security Advisory: OpenShift Container Platform 4.11.45 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

RHSA-2023:0786: Red Hat Security Advisory: Network observability 1.1.0 security update

Network observability 1.1.0 release for OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

RHSA-2022:6890: Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update

Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1798: kubeVirt: Arbitrary file read on the host from KubeVirt VMs

RHSA-2022:6681: Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1798: kubeVirt: Arbitrary file read on the host from KubeVirt VMs

Gentoo Linux Security Advisory 202209-01

Gentoo Linux Security Advisory 202209-1 - A vulnerability has been discovered in GNU Gzip and XZ Utils' grep helpers which could result in writes to arbitrary files. Versions less than 1.12 are affected.

Red Hat Security Advisory 2022-5070-01

Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.

RHSA-2022:5924: Red Hat Security Advisory: Service Telemetry Framework 1.4 security update

An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:5840: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group

Red Hat Security Advisory 2022-5531-01

Red Hat Security Advisory 2022-5531-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs.

RHSA-2022:5556: Red Hat Security Advisory: Logging Subsystem 5.4.3 - Red Hat OpenShift security update

Logging Subsystem 5.4.3 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:5439: Red Hat Security Advisory: RHV-H security update (redhat-virtualization-host) 4.3.23

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs * CVE-2022-1271: gzip: arbitrary-file-write vulnerability * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2...

RHSA-2022:5392: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...

Red Hat Security Advisory 2022-5189-01

Red Hat Security Advisory 2022-5189-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.

Red Hat Security Advisory 2022-5152-01

Red Hat Security Advisory 2022-5152-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.

RHSA-2022:5132: Red Hat Security Advisory: RHACS 3.68 security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1902: stackrox: Improper sanitization allows users to retrieve Notifier secrets from GraphQL API in plaintext

Red Hat Security Advisory 2022-5006-01

Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-4992-01

Red Hat Security Advisory 2022-4992-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

Red Hat Security Advisory 2022-4993-01

Red Hat Security Advisory 2022-4993-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

RHSA-2022:4992: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

RHSA-2022:4940: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

Red Hat Security Advisory 2022-4582-01

Red Hat Security Advisory 2022-4582-01 - The gzip packages contain the gzip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.

RHSA-2022:4896: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it * CVE-2022-0778: openssl:...

Red Hat Security Advisory 2022-2264-01

Red Hat Security Advisory 2022-2264-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.58.

Red Hat Security Advisory 2022-2268-01

Red Hat Security Advisory 2022-2268-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.51.

Red Hat Security Advisory 2022-2283-01

Red Hat Security Advisory 2022-2283-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.35.

RHSA-2022:4582: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1271: gzip: arbitrary-file-write vulnerability

RHSA-2022:2191: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1271: gzip: arbitrary-file-write vulnerability

RHSA-2022:2216: Red Hat Security Advisory: Red Hat OpenShift Logging Security and Bug update Release 5.4.1

Logging Subsystem 5.4.1 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-37136: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
  • CVE-2021-37137: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
  • CVE-2021-43797: netty: control chars in header names may lead to HTTP request smuggling
  • CVE-2022-21698: prometheus/client_golang: Denial of service u...

RHSA-2022:2183: Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview

Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2019-11253: kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service
  • CVE-2019-19794: golang-github-miekg-dns: predictable TXID can lead to response forgeries
  • CVE-2020-15257: containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation
  • CVE-2021-29482: ulikunitz/xz: Infinite loop in readUvarint allows for denial of service
  • CVE-2021-32760: containerd: pulling and extracting crafted container image may result in Unix file permission changes