-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0642
                          libzstd security update
                             22 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libzstd
Publisher:         Debian
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade

Reference:         ESB-2021.0487

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2573

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running libzstd check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2573-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
February 20, 2021                           https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package        : libzstd
Version        : 1.1.2-1+deb9u1
Debian Bug     : 981404 982519

It was discovered that zstd, a compression utility, was vulnerable
to a race condition: it temporarily exposed, during a very short
timeframe, a world-readable version of its input even if the
original file had restrictive permissions.

For Debian 9 stretch, this problem has been fixed in version
1.1.2-1+deb9u1.

We recommend that you upgrade your libzstd packages.

For the detailed security status of libzstd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libzstd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
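
Added example (not part of the Debian advisory and not zstd's code): one common way such an exposure window arises is creating the output with the default mode and restricting it only after data has been written; the C sketch below measures the mode a file carries while it already holds data, for that pattern and for owner-only creation. The names write_output and window_mode, the 0600 source mode, the 022 umask and the /tmp path are assumptions constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write buf to a new file dst, then apply the source file's mode.
 * Returns the permission bits dst carried while it already held data
 * (the exposure window), or -1 on error. */
static int write_output(const char *dst, const char *buf, size_t len,
                        mode_t src_mode, mode_t create_mode)
{
    struct stat st;
    int fd = open(dst, O_WRONLY | O_CREAT | O_EXCL, create_mode);
    if (fd < 0)
        return -1;
    if (write(fd, buf, len) != (ssize_t)len || fstat(fd, &st) != 0 ||
        fchmod(fd, src_mode & 0777) != 0) {
        close(fd);
        unlink(dst);
        return -1;
    }
    return close(fd) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Constructed scenario: source file is 0600, process umask is 022.
 * hardened == 0: output created with the default 0666 request.
 * hardened == 1: output created owner-only (0600) from the first byte. */
int window_mode(int hardened)
{
    char dir[] = "/tmp/zstd-perm-demo-XXXXXX";   /* constructed path */
    char path[64];
    static const char secret[] = "constructed sample data\n";
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/out", dir);
    mode_t old = umask(022);
    int seen = write_output(path, secret, sizeof secret - 1, 0600,
                            hardened ? 0600 : 0666);
    umask(old);
    unlink(path);
    rmdir(dir);
    return seen;
}

int main(void)
{
    printf("default create: %04o during write\n", (unsigned)window_mode(0));
    printf("0600 create:    %04o during write\n", (unsigned)window_mode(1));
    return 0;
}
```

In both cases the file ends at the source's mode; only the mode held during the write differs, which is the window the advisory describes.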

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----