CLSA-2022-1652706322

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1652706322.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2022-1652706322

Upstream

CVE-2022-1271

Published

2022-05-16T13:05:22Z

Modified

2026-06-04T09:45:43.894305752Z

Summary

Fix CVE(s): CVE-2022-1271

Details

SECURITY UPDATE: arbitrary file override with crafted file names
- debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline file names in zgrep.in.
- debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am, tests/zgrep-abuse.
- debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in.
- debian/patches/CVE-2022-1271-4.patch: optimize out a grep in gzexe.in.
- debian/patches/CVE-2022-1271-5.patch: use C locale more often in gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in.
- debian/patches/CVE-2022-1271-6.patch: fix "binary file matches" mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in.
- debian/rules: fix permissions on new test scripts.
- CVE-2022-1271

References

https://errata.cloudlinux.com/ubuntu16_04/CLSA-2022-1652706322

Affected packages

TuxCare:Ubuntu:16.04 / gzip

Package

Name: gzip
Purl: pkg:deb/tuxcare/gzip?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6-4ubuntu1+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1652706322.json"