it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5145-1] lrzip security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5145-1] lrzip security update
Date: Tue, 24 May 2022 17:48:54 +0000
List-archive: https://lists.debian.org/msgid-search/20220524174854.GA968 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=eTo17apYcPB/v5XNZcDY9WF5AO9wFDgUd8zYVFu5dkA=; b=ES +nECHRRH1UVWc19ap+PwnUdL9N2vF03F0VOP99daM6kFgiVIJL+e4TL6HlYN1uImFaBGZ/YwYT2J8 OqHNACf8xozQwW5YvrA/UUpOD/lgILRkpXJaeFNvZex6uDslmW0qdN42Vm7C3OOFm0CaTgH8QwDJ8 0Rqf94AKkvOuaSCzTcYMA6pVV/On3OBceW61IV9ggNVwIQ5ZoypqyweU4+rknpHjHj2cLZVebJMks yjqRT8eLly6pTQvqDGWOwqNuoaSteyZ8j90qo/cJ3DrVlRR8zMLqeFWlH/YFffLJOp02LKL8Ypkfq kbNVyRmpv+dpDLcEvI1+OPrVXpABolRw==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Tue, 24 May 2022 17:49:15 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <e3nzTyPeHJH.A.-z.bqRjiB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5145-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 24, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : lrzip
CVE ID : CVE-2018-5786 CVE-2022-26291 CVE-2022-28044

Multiple vulnerabilities have been discovered in the lrzip compression
program which could result in denial of service or potentially the
execution of arbitrary code.

For the oldstable distribution (buster), these problems have been fixed
in version 0.631+git180528-1+deb10u1. This update also addresses
CVE-2021-27345, CVE-2020-25467 and CVE-2021-27347.

For the stable distribution (bullseye), these problems have been fixed in
version 0.641-1+deb11u1.

We recommend that you upgrade your lrzip packages.

For the detailed security status of lrzip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lrzip

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKNGTcACgkQEMKTtsN8
TjazGRAApfFESYp0z9yJHmiF/rqBm2bJGh1UH0/Zv97a1fpFyCwAQHseA5r6p3Ky
gl9339yuiU6E2lSNeMp+hsO2YP8CCW9hmhfQoAZSwcyp/997Fz0jQ1oSdti4rDV2
LpxhA1sjw8xuA2jaS2078Hkwf0t6TbhG8RR0w178NCK9QrKgR1mJ23Pgna7ZH3Wa
r4JmYRpS09aKJbO0k4FrWjDsneTLszob++TvYerYXpU/lkW+Xjx+8NLL5VGfn5W8
qT0yk1Wcl9eOU1QbsSgM897ntcvce4xcSrb/I3VYuLX1piFfu9qTdXknn07MKimt
3C57lxkSRv/P6n6UNsVdKrnapxyfTXVwDkNI16VrSUTN4t2Ro5Rt/RX6mZip80dG
WdbeC/FiP+9JiwW6x9P8f1jnDhx0bGry/EcWAvLBLw0IyytD3teV7q98zsQcLPOZ
Bkr2kR6xJGhIDHdhzgYHONJccK5y14tPTeamM5BFVGC8he5zBBSZdryAAaAwwoW/
F4gkSt3+5d3gE2Dp3zrjNWNlM/72mz4iUGew9ob5DN6j9v47ZWn39Va3g1pS0BWg
dzTDjZlYRi5THRG/1myz6/6WfGS5yMP14P4tk94c8VamdFocMtbIaYUKA/P4vv6u
SqKLOu7PGcJW5pLL4qxk24Uj+4V0BG3OihZfnfiGCfGxYrVBRvU=
=bEKA
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5145-1] lrzip security update, Moritz Muehlenhoff, 24.05.2022

Archiv bereitgestellt durch MHonArc 2.6.24.