Upgrade Centos:8 xz-libs to version 0:5.2.4-4.el8_6 or higher. See How to fix? for Centos:8 relevant fixed versions and status. Note: Versions mentioned in the description apply only to the upstream xz-libs package and not the xz-libs package as distributed by Centos:8. Upgrade Centos:8 xz to version 0:5.2.4-4.el8_6 or higher. Note: Versions mentioned in the description apply only to the upstream xz package and not the xz package as distributed by Centos:8. Upgrade Centos:8 gzip to version 0:1.9-13.el8_5 or higher.
This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. See How to fix? for Centos:8 relevant fixed versions and status.Īn arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Note: Versions mentioned in the description apply only to the upstream gzip package and not the gzip package as distributed by Centos:8.
0 kommentar(er)
