-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-5123-1
security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
April 18, 2022
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : xz-utils
CVE ID : CVE-2022-1271
Debian Bug : 1009167
cleemy desu wayo reported that incorrect handling of filenames by xzgrep
in xz-utils, the XZ-format compression utilities, can result in
overwrite of arbitrary files or execution of arbitrary code if a file
with a specially crafted filename is processed.
For the oldstable distribution (buster), this problem has been fixed
in version 5.2.4-1+deb10u1.
For the stable distribution (bullseye), this problem has been fixed in
version 5.2.5-2.1~deb11u1.
We recommend that you upgrade your xz-utils packages.
For the detailed security status of xz-utils please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/xz-utils
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmJdvZFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QyGA//fxac3GDLmcVJ+PhY069vHhJS+nzMXTI2HfthlEa5mlnM4C6Ld71dYyPA GJt6Z4FHr5eeOfURM2A36DVdeUjX/iJ5OQiwpCfYy7ZhqLQzv4fAzIt0YjWDM2Bf Jnn0fA9tdiAO2JWNVQtAHPT9XM5AtFd1/fJrfDp9bmYGEPi2YPMTRd+tuvPw3IFE YYuqduVWvHGvzgjFrNzL61YK0/irC4+ILpOQaAF8gsZY8Lq8We8/FQlmuweO7qlh 73IXKbunXDSv9NmVNYhQpuoBnLjrRWFRh24bjgRVmBzLb1K3/c5QmD8Od/iZbA8a 8i0XqhwBMTmlCmj3ItbicL06NSzlgJfSAMrDRGEfvWEQuN4J/pzHQYSU+xVz1Rw5 jCofjGUry+my2GynzPpiqQxOzojIxMy4qTQBFSarbMLWxeeGT9XYnvel9efHoPEC GD8e5pcIX6fuacxHbn+GMquA3p+iRNNvriyhRISHsKT6vwmr4f7qan6beo7g71Yv 3DI6JS2NEPGhtNk3dZe6T6wslpZ8U241bUqznqxEXi7zt89Z7iiwfjYCzh0c41g2 jyA57EpnuV7Ugna5xvPv7oQE3Vw9PVvc++o2jUp6K74p7wwwqSlgveRpqxLR+CYl 1Jc+Ohy9oL88mj0W7x/SCp0zOCI2N+meTVVoJv8Cb9GupT2nAvE=
=k53J
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)