===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2587
                           lrzip security update
                               2 August 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           lrzip
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
                   Reduced Security  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-11496 CVE-2018-10685 CVE-2018-5786
                   CVE-2018-5747 CVE-2018-5650 CVE-2017-9929
                   CVE-2017-9928 CVE-2017-8846 CVE-2017-8844

Reference:         ESB-2019.3216.2
                   ESB-2019.1136

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2021/08/msg00001.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2725-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
August 01, 2021                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : lrzip
Version        : 0.631-1+deb9u1
CVE ID         : CVE-2017-8844 CVE-2017-8846 CVE-2017-9928 CVE-2017-9929
                 CVE-2018-5650 CVE-2018-5747 CVE-2018-5786 CVE-2018-10685
                 CVE-2018-11496

Several security vulnerabilities have been discovered in lrzip, a
compression program. Heap-based and stack buffer overflows,
use-after-free and infinite loops would allow attackers to cause a
denial of service or possibly other unspecified impact via a crafted
file.

For Debian 9 stretch, these problems have been fixed in version
0.631-1+deb9u1.

We recommend that you upgrade your lrzip packages.

For the detailed security status of lrzip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lrzip

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================