Bug 2073310 (CVE-2022-1271) - CVE-2022-1271 gzip: arbitrary-file-write vulnerability
Summary: CVE-2022-1271 gzip: arbitrary-file-write vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-1271
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2101418 2073312 2073335 2073336 2073337 2073338 2073339 2073340 2073341 2073342 2073343 2074385 2074386 2074469 2091842 2091843 2091844 2091845 2091846 2091847 2091848 2091849 2091850 2091851 2101417
Blocks: 2073314
TreeView+ depends on / blocked
 
Reported: 2022-04-08 08:04 UTC by Vipul Nair
Modified: 2024-03-15 02:59 UTC (History)
52 users (show)

Fixed In Version: gzip 1.12
Doc Type: If docs needed, set a value
Doc Text:
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Clone Of:
Environment:
Last Closed: 2022-07-01 14:42:25 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:1651 0 None None None 2022-05-02 01:18:29 UTC
Red Hat Product Errata RHBA-2022:1652 0 None None None 2022-05-02 01:27:18 UTC
Red Hat Product Errata RHBA-2022:1654 0 None None None 2022-05-02 01:27:48 UTC
Red Hat Product Errata RHBA-2022:1655 0 None None None 2022-05-02 01:13:41 UTC
Red Hat Product Errata RHBA-2022:1666 0 None None None 2022-05-02 09:46:42 UTC
Red Hat Product Errata RHBA-2022:1677 0 None None None 2022-05-03 06:53:13 UTC
Red Hat Product Errata RHBA-2022:1688 0 None None None 2022-05-04 08:05:38 UTC
Red Hat Product Errata RHBA-2022:1714 0 None None None 2022-05-04 15:22:21 UTC
Red Hat Product Errata RHBA-2022:1735 0 None None None 2022-05-05 14:21:44 UTC
Red Hat Product Errata RHBA-2022:1742 0 None None None 2022-05-06 17:33:20 UTC
Red Hat Product Errata RHBA-2022:2185 0 None None None 2022-05-11 12:16:25 UTC
Red Hat Product Errata RHBA-2022:2225 0 None None None 2022-05-12 03:39:11 UTC
Red Hat Product Errata RHBA-2022:2226 0 None None None 2022-05-12 03:42:26 UTC
Red Hat Product Errata RHBA-2022:2230 0 None Closed multipathd issue 2022-05-31 12:04:58 UTC
Red Hat Product Errata RHBA-2022:2231 0 None None None 2022-05-12 14:07:11 UTC
Red Hat Product Errata RHBA-2022:2239 0 None None None 2022-05-16 13:53:35 UTC
Red Hat Product Errata RHBA-2022:4713 0 None None None 2022-05-23 19:01:24 UTC
Red Hat Product Errata RHBA-2022:4727 0 None None None 2022-05-24 14:15:39 UTC
Red Hat Product Errata RHBA-2022:4859 0 None None None 2022-06-01 10:58:28 UTC
Red Hat Product Errata RHBA-2022:5014 0 None None None 2022-06-14 02:45:52 UTC
Red Hat Product Errata RHBA-2022:5015 0 None None None 2022-06-14 04:01:28 UTC
Red Hat Product Errata RHBA-2022:5016 0 None None None 2022-06-14 03:49:16 UTC
Red Hat Product Errata RHBA-2022:5017 0 None None None 2022-06-14 04:14:13 UTC
Red Hat Product Errata RHBA-2022:5018 0 None None None 2022-06-14 13:29:49 UTC
Red Hat Product Errata RHBA-2022:5019 0 None None None 2022-06-14 13:05:29 UTC
Red Hat Product Errata RHBA-2022:5021 0 None None None 2022-06-15 22:11:35 UTC
Red Hat Product Errata RHBA-2022:5022 0 None None None 2022-06-15 22:03:03 UTC
Red Hat Product Errata RHBA-2022:5024 0 None None None 2022-06-14 14:46:12 UTC
Red Hat Product Errata RHBA-2022:5025 0 None None None 2022-06-14 14:11:23 UTC
Red Hat Product Errata RHBA-2022:5028 0 None None None 2022-06-15 22:05:03 UTC
Red Hat Product Errata RHBA-2022:5035 0 None None None 2022-06-14 18:28:27 UTC
Red Hat Product Errata RHBA-2022:5036 0 None None None 2022-06-14 18:53:21 UTC
Red Hat Product Errata RHBA-2022:5037 0 None None None 2022-06-14 18:52:31 UTC
Red Hat Product Errata RHBA-2022:5038 0 None None None 2022-06-14 18:31:19 UTC
Red Hat Product Errata RHBA-2022:5045 0 None None None 2022-06-15 18:54:15 UTC
Red Hat Product Errata RHBA-2022:5048 0 None None None 2022-06-15 18:55:07 UTC
Red Hat Product Errata RHBA-2022:5049 0 None None None 2022-06-15 08:08:38 UTC
Red Hat Product Errata RHBA-2022:5059 0 None None None 2022-06-15 15:21:03 UTC
Red Hat Product Errata RHBA-2022:5060 0 None None None 2022-06-15 15:25:38 UTC
Red Hat Product Errata RHBA-2022:5074 0 None None None 2022-06-15 19:18:43 UTC
Red Hat Product Errata RHBA-2022:5075 0 None None None 2022-06-15 19:28:09 UTC
Red Hat Product Errata RHBA-2022:5076 0 None None None 2022-06-16 01:35:54 UTC
Red Hat Product Errata RHBA-2022:5077 0 None None None 2022-06-16 01:38:25 UTC
Red Hat Product Errata RHBA-2022:5078 0 None None None 2022-06-16 07:14:04 UTC
Red Hat Product Errata RHBA-2022:5079 0 None None None 2022-06-16 08:56:25 UTC
Red Hat Product Errata RHBA-2022:5080 0 None None None 2022-06-16 10:52:50 UTC
Red Hat Product Errata RHBA-2022:5082 0 None None None 2022-06-16 10:55:07 UTC
Red Hat Product Errata RHBA-2022:5083 0 None None None 2022-06-16 10:58:14 UTC
Red Hat Product Errata RHBA-2022:5084 0 None None None 2022-06-16 11:45:02 UTC
Red Hat Product Errata RHBA-2022:5085 0 None None None 2022-06-16 11:02:40 UTC
Red Hat Product Errata RHBA-2022:5093 0 None None None 2022-06-16 14:30:28 UTC
Red Hat Product Errata RHBA-2022:5094 0 None None None 2022-06-16 13:20:07 UTC
Red Hat Product Errata RHBA-2022:5102 0 None None None 2022-06-16 16:23:39 UTC
Red Hat Product Errata RHBA-2022:5107 0 None None None 2022-06-16 22:49:28 UTC
Red Hat Product Errata RHBA-2022:5108 0 None None None 2022-06-17 05:36:20 UTC
Red Hat Product Errata RHBA-2022:5118 0 None None None 2022-06-20 01:13:58 UTC
Red Hat Product Errata RHBA-2022:5119 0 None None None 2022-06-20 01:33:39 UTC
Red Hat Product Errata RHBA-2022:5120 0 None None None 2022-06-20 01:22:29 UTC
Red Hat Product Errata RHBA-2022:5122 0 None None None 2022-06-20 01:48:31 UTC
Red Hat Product Errata RHBA-2022:5123 0 None None None 2022-06-20 01:52:30 UTC
Red Hat Product Errata RHBA-2022:5124 0 None None None 2022-06-20 09:32:41 UTC
Red Hat Product Errata RHBA-2022:5129 0 None None None 2022-06-20 12:26:01 UTC
Red Hat Product Errata RHBA-2022:5130 0 None None None 2022-06-20 12:16:37 UTC
Red Hat Product Errata RHBA-2022:5131 0 None None None 2022-06-20 12:45:49 UTC
Red Hat Product Errata RHBA-2022:5134 0 None None None 2022-06-21 09:55:45 UTC
Red Hat Product Errata RHBA-2022:5135 0 None None None 2022-06-21 11:49:27 UTC
Red Hat Product Errata RHBA-2022:5136 0 None None None 2022-06-21 11:38:54 UTC
Red Hat Product Errata RHBA-2022:5145 0 None None None 2022-06-21 16:30:25 UTC
Red Hat Product Errata RHBA-2022:5146 0 None None None 2022-06-21 14:45:13 UTC
Red Hat Product Errata RHBA-2022:5148 0 None None None 2022-06-21 15:35:37 UTC
Red Hat Product Errata RHBA-2022:5149 0 None None None 2022-06-21 17:24:07 UTC
Red Hat Product Errata RHBA-2022:5150 0 None None None 2022-06-21 14:33:59 UTC
Red Hat Product Errata RHBA-2022:5178 0 None None None 2022-06-22 19:59:38 UTC
Red Hat Product Errata RHBA-2022:5195 0 None None None 2022-06-27 11:38:20 UTC
Red Hat Product Errata RHBA-2022:5198 0 None None None 2022-06-27 11:33:34 UTC
Red Hat Product Errata RHBA-2022:5202 0 None None None 2022-06-27 16:37:20 UTC
Red Hat Product Errata RHBA-2022:5208 0 None None None 2022-06-27 15:50:30 UTC
Red Hat Product Errata RHBA-2022:5211 0 None None None 2022-06-27 16:49:07 UTC
Red Hat Product Errata RHBA-2022:5412 0 None None None 2022-06-28 17:33:04 UTC
Red Hat Product Errata RHBA-2022:5413 0 None None None 2022-06-28 18:18:34 UTC
Red Hat Product Errata RHBA-2022:5416 0 None None None 2022-06-28 19:15:09 UTC
Red Hat Product Errata RHBA-2022:5432 0 None None None 2022-06-29 22:16:16 UTC
Red Hat Product Errata RHBA-2022:5438 0 None None None 2022-06-30 07:23:20 UTC
Red Hat Product Errata RHBA-2022:5451 0 None None None 2022-06-30 18:01:33 UTC
Red Hat Product Errata RHBA-2022:5502 0 None None None 2022-07-05 23:37:54 UTC
Red Hat Product Errata RHBA-2022:5523 0 None None None 2022-07-07 08:00:53 UTC
Red Hat Product Errata RHBA-2022:5536 0 None None None 2022-07-07 18:55:58 UTC
Red Hat Product Errata RHBA-2022:5543 0 None None None 2022-07-11 14:03:25 UTC
Red Hat Product Errata RHBA-2022:5550 0 None None None 2022-07-12 10:58:28 UTC
Red Hat Product Errata RHBA-2022:5553 0 None None None 2022-07-12 14:19:25 UTC
Red Hat Product Errata RHBA-2022:5554 0 None None None 2022-07-12 14:01:58 UTC
Red Hat Product Errata RHBA-2022:5575 0 None None None 2022-07-14 15:34:55 UTC
Red Hat Product Errata RHBA-2022:5579 0 None None None 2022-07-13 15:21:33 UTC
Red Hat Product Errata RHBA-2022:5580 0 None None None 2022-07-13 15:15:07 UTC
Red Hat Product Errata RHBA-2022:5592 0 None None None 2022-07-14 15:14:46 UTC
Red Hat Product Errata RHBA-2022:5594 0 None None None 2022-07-18 11:16:14 UTC
Red Hat Product Errata RHBA-2022:5595 0 None None None 2022-07-18 11:16:27 UTC
Red Hat Product Errata RHBA-2022:5598 0 None None None 2022-07-18 14:56:53 UTC
Red Hat Product Errata RHBA-2022:5599 0 None None None 2022-07-18 14:57:00 UTC
Red Hat Product Errata RHBA-2022:5600 0 None None None 2022-07-18 20:41:48 UTC
Red Hat Product Errata RHBA-2022:5680 0 None None None 2022-07-21 13:41:20 UTC
Red Hat Product Errata RHBA-2022:8633 0 None None None 2022-11-28 01:51:37 UTC
Red Hat Product Errata RHSA-2022:1537 0 None None None 2022-04-26 16:45:56 UTC
Red Hat Product Errata RHSA-2022:1592 0 None None None 2022-04-26 17:12:12 UTC
Red Hat Product Errata RHSA-2022:1665 0 None None None 2022-05-02 08:10:02 UTC
Red Hat Product Errata RHSA-2022:1676 0 None None None 2022-05-03 07:04:33 UTC
Red Hat Product Errata RHSA-2022:2191 0 None None None 2022-05-11 19:18:42 UTC
Red Hat Product Errata RHSA-2022:4582 0 None None None 2022-05-17 23:39:46 UTC
Red Hat Product Errata RHSA-2022:4896 0 None None None 2022-06-03 13:48:44 UTC
Red Hat Product Errata RHSA-2022:4940 0 None None None 2022-06-08 09:46:52 UTC
Red Hat Product Errata RHSA-2022:4991 0 None None None 2022-06-13 09:18:33 UTC
Red Hat Product Errata RHSA-2022:4992 0 None None None 2022-06-13 09:17:54 UTC
Red Hat Product Errata RHSA-2022:4993 0 None None None 2022-06-13 09:33:58 UTC
Red Hat Product Errata RHSA-2022:4994 0 None None None 2022-06-13 07:44:26 UTC
Red Hat Product Errata RHSA-2022:5052 0 None None None 2022-06-15 11:12:02 UTC
Red Hat Product Errata RHSA-2022:5439 0 None None None 2022-06-30 07:31:51 UTC

Description Vipul Nair 2022-04-08 08:04:41 UTC 
The following vulnerability was published for xz-utils and gzip
The bug would result in arbitrary-file-write vulnerability 

CVE-2022-1271[0]:
| zgrep, xzgrep: arbitrary-file-write vulnerability



For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-1271
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
[1] https://www.openwall.com/lists/oss-security/2022/04/07/8
[2] https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
[3] https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
Comment 1 Vipul Nair 2022-04-08 08:06:05 UTC 
Created gzip tracking bugs for this issue:

Affects: fedora-all [bug 2073312]
Comment 9 Todd Zullinger 2022-04-16 19:30:10 UTC 
Is there a fedora tracker for xz?

I filed a PR to apply the upstream patch:

  https://src.fedoraproject.org/rpms/xz/pull-request/7
Comment 10 Richard W.M. Jones 2022-04-17 09:14:01 UTC 
(In reply to Todd Zullinger from comment #9)
> Is there a fedora tracker for xz?
> 
> I filed a PR to apply the upstream patch:
> 
>   https://src.fedoraproject.org/rpms/xz/pull-request/7

Thanks - I've merged this into Rawhide and will do the build soon and
look at bug 2073312 for other Fedora branches.
Comment 11 errata-xmlrpc 2022-04-26 16:45:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1537 https://access.redhat.com/errata/RHSA-2022:1537
Comment 12 errata-xmlrpc 2022-04-26 17:12:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1592 https://access.redhat.com/errata/RHSA-2022:1592
Comment 13 errata-xmlrpc 2022-05-02 08:09:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1665 https://access.redhat.com/errata/RHSA-2022:1665
Comment 14 errata-xmlrpc 2022-05-03 07:04:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1676 https://access.redhat.com/errata/RHSA-2022:1676
Comment 15 errata-xmlrpc 2022-05-11 19:18:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:2191 https://access.redhat.com/errata/RHSA-2022:2191
Comment 16 errata-xmlrpc 2022-05-17 23:39:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4582 https://access.redhat.com/errata/RHSA-2022:4582
Comment 17 Geert Hendrickx 2022-05-18 11:24:01 UTC 
xzgrep is still not fixed.  
Upstream patch is at https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch and applies cleanly.
Comment 19 Sandipan Roy 2022-05-31 07:29:02 UTC 
Created mingw-xz tracking bugs for this issue:

Affects: fedora-all [bug 2091842]


Created xz tracking bugs for this issue:

Affects: fedora-all [bug 2091843]
Comment 21 errata-xmlrpc 2022-06-03 13:48:41 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896
Comment 22 Vipul Nair 2022-06-07 05:51:40 UTC 
cancelling needinfo tracker have been filed.
Comment 23 errata-xmlrpc 2022-06-08 09:46:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4940 https://access.redhat.com/errata/RHSA-2022:4940
Comment 24 errata-xmlrpc 2022-06-13 07:44:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:4994 https://access.redhat.com/errata/RHSA-2022:4994
Comment 25 errata-xmlrpc 2022-06-13 09:17:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:4992 https://access.redhat.com/errata/RHSA-2022:4992
Comment 26 errata-xmlrpc 2022-06-13 09:18:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:4991 https://access.redhat.com/errata/RHSA-2022:4991
Comment 27 errata-xmlrpc 2022-06-13 09:33:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4993 https://access.redhat.com/errata/RHSA-2022:4993
Comment 28 errata-xmlrpc 2022-06-15 11:11:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:5052 https://access.redhat.com/errata/RHSA-2022:5052
Comment 30 errata-xmlrpc 2022-06-30 07:31:46 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2022:5439 https://access.redhat.com/errata/RHSA-2022:5439
Comment 31 Product Security DevOps Team 2022-07-01 14:42:19 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-1271
Note You need to log in before you can comment on or make changes to this bug.