Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-86158

xz needs to be updated for CVE-2024-47611 and CVE-2025-31115

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Major Major
    • None
    • CentOS Stream 10, rhel-10.0.beta, rhel-10.0, rhel-10.0.z, rhel-10.1, rhel-10.1.z, rhel-10.2
    • xz
    • None
    • No
    • None
    • 1
    • rhel-plumbers
    • ssg_core_services
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Plumbers Sprint 2
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      What were you trying to do that didn't work?

      Use xz in CentOS Stream 10 without being affected by these two CVEs

      https://access.redhat.com/security/cve/CVE-2024-47611
      https://access.redhat.com/security/cve/CVE-2025-31115

      What is the impact of this issue to you?

      My systems are vulnerable to these vulnerabilities

      Please provide the package NVR for which the bug is seen:

      xz-1:5.6.2-3.el10

      How reproducible is this bug?:

      Always

      Steps to reproduce

      See the CVE advisories

      Expected results

      xz not vulnerable

      Actual results

      xz is vulnerable

              jamartis@redhat.com Jakub Martisko
              michel.lind Michel Lind (Inactive)
              Jakub Martisko Jakub Martisko
              RHEL CS Plumbers QE Bot RHEL CS Plumbers QE Bot
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: