{"schema_version": "1.3.1", "id": "RLSA-2022:1537", "modified": "2023-02-02T12:52:11.974013Z", "published": "2022-04-26T09:54:04Z", "related": ["CVE-2022-1271"], "summary": "Important: gzip security update", "details": "The gzip packages contain the gzip (GNU zip) data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.\n\nSecurity Fix(es):\n\n* gzip: arbitrary-file-write vulnerability (CVE-2022-1271)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "gzip", "purl": "pkg:rpm/rocky-linux/gzip?distro=rocky-linux-8-6-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.9-13.el8_5"}], "database_specific": {"yum_repository": "BaseOS"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2022:1537"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}