===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0642
                          libzstd security update
                              22 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libzstd
Publisher:         Debian
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade

Reference:         ESB-2021.0487

Original Bulletin:
   https://www.debian.org/lts/security/2021/dla-2573

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running libzstd check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2573-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Utkarsh Gupta
February 20, 2021                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libzstd
Version        : 1.1.2-1+deb9u1
Debian Bug     : 981404 982519

It was discovered that zstd, a compression utility, was vulnerable to
a race condition: it temporarily exposed, during a very short
timeframe, a world-readable version of its input even if the original
file had restrictive permissions.

For Debian 9 stretch, this problem has been fixed in version
1.1.2-1+deb9u1.

We recommend that you upgrade your libzstd packages.

For the detailed security status of libzstd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libzstd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
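
The class of race described in the Debian advisory above, shown as an added C illustration. This is not zstd source code and not the Debian patch; the function names and the scratch file name are hypothetical. It contrasts creating an output file with default permissions and tightening them afterwards against creating it owner-only from the first system call.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open file, or -1 on error. */
static int mode_of(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Racy: create with default permissions (0666 & ~umask), tighten later.
   Returns the mode others could see while data was written, or -1. */
int create_racy(const char *dst, mode_t src_mode) {
    int fd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    int window = mode_of(fd);            /* exposure window opens here */
    /* ... output would be written here ... */
    (void)fchmod(fd, src_mode & 0777);   /* too late to undo the exposure */
    close(fd);
    return window;
}

/* Hardened: create exclusively and owner-only, write, then apply the source
   mode on the descriptor. O_EXCL also refuses a file or symlink already at dst. */
int create_private(const char *dst, mode_t src_mode) {
    int fd = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int window = mode_of(fd);            /* 0600 from the first instant */
    if (fchmod(fd, src_mode & 0777) != 0) window = -1;
    close(fd);
    if (window < 0) unlink(dst);
    return window;
}

/* Constructed demo: fixed umask, scratch file in the current directory. */
int demo(int hardened) {
    const char *dst = "perm_demo.out";
    umask(022);
    unlink(dst);
    int window = hardened ? create_private(dst, 0600) : create_racy(dst, 0600);
    unlink(dst);
    return window;
}

int main(void) {
    printf("racy: %04o  private: %04o\n", (unsigned)demo(0), (unsigned)demo(1));
    return 0;
}
```

With a umask of 022 the first pattern leaves the file at 0644 until the later fchmod, which is the window the advisory refers to; the second never exceeds 0600.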