What is package xz-5.4.6a, XZ Utils 5.4.6? KEYWORDS: xz-5.4.6a XZ Utils 5.4.6 *** TO BE FILLED IN BY CUTTER *** RELEASE: XZ Utils provide a general-purpose data-compression library plus command-line tools. The native file format is the .xz format, but also the legacy .lzma format is supported. The .xz format supports multiple compression algorithms, which are called "filters" in the context of XZ Utils. The primary filter is currently LZMA2. With typical files, XZ Utils create about 30 % smaller files than gzip. ---------------------------------------------------------- Changes between xz-5.4.6 and xz-5.4.6a * Fixed CVE-2025-31115 The multithreaded .xz decoder in liblzma had a bug where invalid input could at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. ---------------------------------------------------------- I. Software Notes and Recommendations xz should only be installed on: UnixWare 7 Definitive D2M1 or later or SCO OpenServer 6 Definitive D2M1 or later. ---------------------------------------------------------- II. Installation Instructions To install xz-5.4.6 follow these steps: 1. Login as root 2. Download the xz-5.4.6a-UnixWare-i386.pkg.gz file and optionally xz-dev-5.4.6a-UnixWare-i386.pkg.gz to the /tmp directory on your machine. 3. After the download is complete, change to /tmp and run the following to command(s) to verify the integrity of the download: sha256 xz-5.4.6a-UnixWare-i386.pkg.gz sha256 xz-dev-5.4.6a-UnixWare-i386.pkg.gz The output should be: SHA256 (xz-5.4.6a-UnixWare-i386.pkg.gz) = 3fc1e54c1155ab9673bcbefdd43d891d60b54f8827fa62df7910eed8fe99fdf0 SHA256 (xz-dev-5.4.6a-UnixWare-i386.pkg.gz) = 086e8b25a4ac9898f714aa84fe2a775f9366b3cdb3db79a027012c9480feb2d3 4. After verifying the sums match, As root, add the package to your system using these commands: $ su - Password: # gzcat xz-5.4.6a-UnixWare-i386.pkg.gz | pkgadd -d - Alternatively, this package may be installed in quiet mode by using these commands: $ su - Password: # gzcat xz-5.4.6a-UnixWare-i386.pkg.gz | pkgadd -qd - all If you are doing software development that requires the xz compression routines, repeat steps for xz-dev-5.4.6a-UnixWare-i386.pkg.gz 5. Installation of package xz-5.4.6 is now complete. 6. Once the installation has completed, you can remove or archive xz-5.4.6a-UnixWare-i386.pkg.gz downloaded in step 2. 7. There is no need to reboot the system after installing this package. However, if your system is running any libraries or commands that are contained in this package, then these programs will continue to run with the old versions of these libraries or commands until the system is rebooted. Note that when all necessary packages have been installed, it is good practice to reboot the system at the earlier opportunity. This will ensure that no programs continue to run with the old libraries or commands. ---------------------------------------------------------- III. Removal Instructions Note: Packages must be removed in the reverse order in which they were installed due to dependencies. 1. As root, remove the package using these commands: $ su - Password: # pkgrm xz 2. There is no need to reboot the system after removing this package. However, if your system is running any libraries or commands that are contained in this package, then these programs will continue to run with the old versions of these libraries or commands until the system is rebooted. Note that when all necessary packages have been removed, it is good practice to reboot the system at the earlier opportunity. This will ensure that no programs continue to run with the old libraries or commands. If you have questions regarding this package, or the product on which it is installed, please contact your software supplier. ------------------------------------------------------------------------------- (C) Copyright 2025 Xinuos, Inc. All Rights Reserved.