oss-sec mailing list archives

zgrep, xzgrep: arbitrary-file-write vulnerability


From: Jim Meyering <jim () meyering net>
Date: Thu, 07 Apr 2022 11:44:36 -0700

All previous versions of gzip and xzutils are affected.

xzutils released this patch today:

  https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
  https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch.sig

gzip-1.12 was released today, with the fix:

  https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
  https://ftp.gnu.org/gnu/gzip/gzip-1.12.tar.xz
  https://ftp.gnu.org/gnu/gzip/gzip-1.12.tar.xz.sig
