Opened 18 months ago

Closed 18 months ago

Last modified 18 months ago

#5042 closed enhancement (fixed)


Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: high Milestone: 11.2
Component: Book Version: git
Severity: normal Keywords:


New point version.

Change History (6)

comment:1 by ken@…, 18 months ago

xzutils also affected, patch mentioned in that post, followup includes an example exploit (did not work for me, but maybe I missed something - I've got more urgent issues, I rarely use zgrep).

CVE-2022-1271 has been assigned to this issue.

comment:2 by Douglas R. Reno, 18 months ago

Priority: normalhigh

comment:3 by Douglas R. Reno, 18 months ago

From Arch:

Arch Linux Security Advisory ASA-202204-7

Severity: High
Date    : 2022-04-07
CVE-ID  : CVE-2022-1271
Package : gzip
Type    : arbitrary command execution
Remote  : No
Link    :


The package gzip before version 1.12-1 is vulnerable to arbitrary
command execution.


Upgrade to 1.12-1.

# pacman -Syu "gzip>=1.12-1"

The problem has been fixed upstream in version 1.12.




Malicious filenames with two or more newlines can make zgrep and xzgrep
to write to arbitrary files or (with a GNU sed extension) lead to
arbitrary code execution. The issue with the old code is that with
multiple newlines, the N-command will read the second line of input,
then the s-commands will be skipped because it's not the end of  the
file yet, then a new sed cycle starts and the pattern space is printed
and emptied. So only the last line or two get escaped.


An attacker is able to provide malicious filenames to write to
arbitrary files or execute arbitrary commands on the affected host.


A preliminary look tells me that we'll need to patch XZ as well.

comment:4 by Bruce Dubbs, 18 months ago

Owner: changed from lfs-book to Bruce Dubbs
Status: newassigned

comment:5 by Bruce Dubbs, 18 months ago

Resolution: fixed
Status: assignedclosed

Fixed at commit 62b66860b3f0bd7fd419817518798443bce90a8e

Package updates.
    Update to libcap-2.64.
    Update to linux-5.17.3.
    Update to gzip-1.12.

comment:6 by Douglas R. Reno, 18 months ago

Security Advisory 11.1-028 issued.

Note: See TracTickets for help on using tickets.