[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 5145-1] lrzip security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5145-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 24, 2022                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lrzip
CVE ID         : CVE-2018-5786 CVE-2022-26291 CVE-2022-28044

Multiple vulnerabilities have been discovered in the lrzip compression
program which could result in denial of service or potentially the
execution of arbitrary code.

For the oldstable distribution (buster), these problems have been fixed
in version 0.631+git180528-1+deb10u1. This update also addresses
CVE-2021-27345, CVE-2020-25467 and CVE-2021-27347.

For the stable distribution (bullseye), these problems have been fixed in
version 0.641-1+deb11u1.

We recommend that you upgrade your lrzip packages.

For the detailed security status of lrzip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lrzip

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKNGTcACgkQEMKTtsN8
TjazGRAApfFESYp0z9yJHmiF/rqBm2bJGh1UH0/Zv97a1fpFyCwAQHseA5r6p3Ky
gl9339yuiU6E2lSNeMp+hsO2YP8CCW9hmhfQoAZSwcyp/997Fz0jQ1oSdti4rDV2
LpxhA1sjw8xuA2jaS2078Hkwf0t6TbhG8RR0w178NCK9QrKgR1mJ23Pgna7ZH3Wa
r4JmYRpS09aKJbO0k4FrWjDsneTLszob++TvYerYXpU/lkW+Xjx+8NLL5VGfn5W8
qT0yk1Wcl9eOU1QbsSgM897ntcvce4xcSrb/I3VYuLX1piFfu9qTdXknn07MKimt
3C57lxkSRv/P6n6UNsVdKrnapxyfTXVwDkNI16VrSUTN4t2Ro5Rt/RX6mZip80dG
WdbeC/FiP+9JiwW6x9P8f1jnDhx0bGry/EcWAvLBLw0IyytD3teV7q98zsQcLPOZ
Bkr2kR6xJGhIDHdhzgYHONJccK5y14tPTeamM5BFVGC8he5zBBSZdryAAaAwwoW/
F4gkSt3+5d3gE2Dp3zrjNWNlM/72mz4iUGew9ob5DN6j9v47ZWn39Va3g1pS0BWg
dzTDjZlYRi5THRG/1myz6/6WfGS5yMP14P4tk94c8VamdFocMtbIaYUKA/P4vv6u
SqKLOu7PGcJW5pLL4qxk24Uj+4V0BG3OihZfnfiGCfGxYrVBRvU=
=bEKA
-----END PGP SIGNATURE-----


Reply to: