Headline
RHSA-2022:4992: Red Hat Security Advisory: xz security update
An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1271: gzip: arbitrary-file-write vulnerability
Synopsis
Important: xz security update
Type/Severity
Security Advisory: Important
Topic
An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Security Fix(es):
- gzip: arbitrary-file-write vulnerability (CVE-2022-1271)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64
Fixes
- BZ - 2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2
SRPM
xz-5.2.4-4.el8_2.src.rpm
x86_64
xz-5.2.4-4.el8_2.x86_64.rpm
xz-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-debugsource-5.2.4-4.el8_2.i686.rpm
xz-debugsource-5.2.4-4.el8_2.x86_64.rpm
xz-devel-5.2.4-4.el8_2.i686.rpm
xz-devel-5.2.4-4.el8_2.x86_64.rpm
xz-libs-5.2.4-4.el8_2.i686.rpm
xz-libs-5.2.4-4.el8_2.x86_64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
xz-5.2.4-4.el8_2.src.rpm
x86_64
xz-5.2.4-4.el8_2.x86_64.rpm
xz-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-debugsource-5.2.4-4.el8_2.i686.rpm
xz-debugsource-5.2.4-4.el8_2.x86_64.rpm
xz-devel-5.2.4-4.el8_2.i686.rpm
xz-devel-5.2.4-4.el8_2.x86_64.rpm
xz-libs-5.2.4-4.el8_2.i686.rpm
xz-libs-5.2.4-4.el8_2.x86_64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2
SRPM
xz-5.2.4-4.el8_2.src.rpm
s390x
xz-5.2.4-4.el8_2.s390x.rpm
xz-debuginfo-5.2.4-4.el8_2.s390x.rpm
xz-debugsource-5.2.4-4.el8_2.s390x.rpm
xz-devel-5.2.4-4.el8_2.s390x.rpm
xz-libs-5.2.4-4.el8_2.s390x.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.s390x.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.s390x.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2
SRPM
xz-5.2.4-4.el8_2.src.rpm
ppc64le
xz-5.2.4-4.el8_2.ppc64le.rpm
xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm
xz-devel-5.2.4-4.el8_2.ppc64le.rpm
xz-libs-5.2.4-4.el8_2.ppc64le.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
xz-5.2.4-4.el8_2.src.rpm
x86_64
xz-5.2.4-4.el8_2.x86_64.rpm
xz-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-debugsource-5.2.4-4.el8_2.i686.rpm
xz-debugsource-5.2.4-4.el8_2.x86_64.rpm
xz-devel-5.2.4-4.el8_2.i686.rpm
xz-devel-5.2.4-4.el8_2.x86_64.rpm
xz-libs-5.2.4-4.el8_2.i686.rpm
xz-libs-5.2.4-4.el8_2.x86_64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2
SRPM
xz-5.2.4-4.el8_2.src.rpm
aarch64
xz-5.2.4-4.el8_2.aarch64.rpm
xz-debuginfo-5.2.4-4.el8_2.aarch64.rpm
xz-debugsource-5.2.4-4.el8_2.aarch64.rpm
xz-devel-5.2.4-4.el8_2.aarch64.rpm
xz-libs-5.2.4-4.el8_2.aarch64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.aarch64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
xz-5.2.4-4.el8_2.src.rpm
ppc64le
xz-5.2.4-4.el8_2.ppc64le.rpm
xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm
xz-devel-5.2.4-4.el8_2.ppc64le.rpm
xz-libs-5.2.4-4.el8_2.ppc64le.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
xz-5.2.4-4.el8_2.src.rpm
x86_64
xz-5.2.4-4.el8_2.x86_64.rpm
xz-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-debugsource-5.2.4-4.el8_2.i686.rpm
xz-debugsource-5.2.4-4.el8_2.x86_64.rpm
xz-devel-5.2.4-4.el8_2.i686.rpm
xz-devel-5.2.4-4.el8_2.x86_64.rpm
xz-libs-5.2.4-4.el8_2.i686.rpm
xz-libs-5.2.4-4.el8_2.x86_64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.i686.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2
SRPM
x86_64
xz-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-debugsource-5.2.4-4.el8_2.x86_64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.x86_64.rpm
xz-lzma-compat-5.2.4-4.el8_2.x86_64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.x86_64.rpm
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2
SRPM
ppc64le
xz-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
xz-debugsource-5.2.4-4.el8_2.ppc64le.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
xz-lzma-compat-5.2.4-4.el8_2.ppc64le.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.ppc64le.rpm
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2
SRPM
s390x
xz-debuginfo-5.2.4-4.el8_2.s390x.rpm
xz-debugsource-5.2.4-4.el8_2.s390x.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.s390x.rpm
xz-lzma-compat-5.2.4-4.el8_2.s390x.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.s390x.rpm
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2
SRPM
aarch64
xz-debuginfo-5.2.4-4.el8_2.aarch64.rpm
xz-debugsource-5.2.4-4.el8_2.aarch64.rpm
xz-libs-debuginfo-5.2.4-4.el8_2.aarch64.rpm
xz-lzma-compat-5.2.4-4.el8_2.aarch64.rpm
xz-lzma-compat-debuginfo-5.2.4-4.el8_2.aarch64.rpm