[ASA-202204-7] gzip: arbitrary command execution
anthraxx at archlinux.org
Tue Apr 12 19:01:36 UTC 2022
Arch Linux Security Advisory ASA-202204-7
Date : 2022-04-07
CVE-ID : CVE-2022-1271
Package : gzip
Type : arbitrary command execution
Remote : No
Link : https://security.archlinux.org/AVG-2666
The package gzip before version 1.12-1 is vulnerable to arbitrary
Upgrade to 1.12-1.
# pacman -Syu "gzip>=1.12-1"
The problem has been fixed upstream in version 1.12.
Malicious filenames with two or more newlines can make zgrep and xzgrep
write to arbitrary files or (with a GNU sed extension) lead to
arbitrary code execution. The issue with the old code is that with
multiple newlines, the N-command will read the second line of input,
then the s-commands will be skipped because it's not the end of the
file yet, then a new sed cycle starts and the pattern space is printed
and emptied. So only the last line or two get escaped.
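The following shell snippet is an added illustration of the mechanism described above; it is not code from the advisory, from Arch, or from the gzip project. It reconstructs the shape of the vulnerable escaping step (a sed script that appends one line with "$!N" and runs its s-commands only on the last line) next to a hardened variant that collects every input line before escaping, then feeds both a constructed filename containing two newlines. The sed scripts, the function names and the sample input are assumptions made for this example, not the exact upstream zgrep or xzgrep text.

```shell
#!/bin/sh
# Added illustration for the advisory text above. Both sed scripts are
# reconstructions for teaching purposes, not the exact upstream zgrep code.
# A filename is piped through sed so it can later be substituted into
# another sed program; every '&', '\', '|' and newline must come out
# escaped, and the result must be exactly ONE line.

# Vulnerable shape: '$!N' appends only the next line, and the s-commands
# run only on the last line ('$'). With two or more newlines in the input
# the first cycle ends before '$' matches, so the pattern space is printed
# raw and a new cycle starts; only the final line or two get escaped.
escape_old() {
  printf '%s\n' "$1" | LC_ALL=C sed '
    $!N
    $ s/[&\\|]/\\&/g
    $ s/\n/\\n/g
  '
}

# Hardened shape: loop with N until the last line so the whole input sits
# in the pattern space, then escape everything in a single pass.
escape_fixed() {
  printf '%s\n' "$1" | LC_ALL=C sed '
    :a
    $!{
      N
      ba
    }
    s/[&\\|]/\\&/g
    s/\n/\\n/g
  '
}

# Check a practitioner can reuse before substituting a value into a sed
# program: the escaped text must not contain a raw newline.
nl='
'
is_single_line() {
  case $1 in
    *"$nl"*) return 1 ;;
    *) return 0 ;;
  esac
}

# Constructed sample: a "filename" with two embedded newlines and '&'.
crafted="$(printf 'a&\nb&\nc')"

demo() {
  old=$(escape_old "$crafted")
  new=$(escape_fixed "$crafted")
  printf 'old escaping -> %s\n' "$old"
  printf 'new escaping -> %s\n' "$new"
  if is_single_line "$old"; then echo "old: OK"; else echo "old: newline leaked"; fi
  if is_single_line "$new"; then echo "new: OK"; else echo "new: newline leaked"; fi
}

demo
```

With the three-line sample the old script prints the first two lines untouched (the newline and the ampersands survive), while the fixed script yields one line in which every newline is rewritten as a literal backslash-n and every special character is backslash-escaped. With a two-line input the old script happens to escape correctly, which is why the advisory speaks of two or more newlines.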
An attacker is able to provide malicious filenames to write to
arbitrary files or execute arbitrary commands on the affected host.