it-securitynotifies AT lists.piratenpartei.de
Subject: Security announcements
List archive
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5123-1] xz-utils security update
- Date: Mon, 18 Apr 2022 19:36:12 +0000
- List-archive: https://lists.debian.org/msgid-search/E1ngXAS-0008Dt-Sk AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Mon, 18 Apr 2022 19:36:32 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <WQiuQ2kDOnE.A.xLH.A3bXiB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5123-1                   security AT debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 18, 2022                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xz-utils
CVE ID         : CVE-2022-1271
Debian Bug     : 1009167

cleemy desu wayo reported that incorrect handling of filenames by xzgrep
in xz-utils, the XZ-format compression utilities, can result in
overwrite of arbitrary files or execution of arbitrary code if a file
with a specially crafted filename is processed.

For the oldstable distribution (buster), this problem has been fixed
in version 5.2.4-1+deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 5.2.5-2.1~deb11u1.

We recommend that you upgrade your xz-utils packages.

For the detailed security status of xz-utils please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/xz-utils

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----