[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3991-1] upx-ucl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3991-1                [email protected]
https://www.debian.org/lts/security/                      Sylvain Beucler
December 11, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : upx-ucl
Version        : 3.96-2+deb11u1
CVE ID         : CVE-2023-23456
Debian Bug     : 1033258

A heap-based buffer write overflow issue was discovered in UPX, an
efficient live-compressor for executables. An attacker could corrupt
memory via a crafted file, leading to undefined impact (from
denial-of-service to code execution).

For Debian 11 bullseye, this problem has been fixed in version
3.96-2+deb11u1.

We recommend that you upgrade your upx-ucl packages.

For the detailed security status of upx-ucl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/upx-ucl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmdZw2UACgkQDTl9HeUl
XjBgihAAiL430HNbb9/HluLaxLMIiX29DE5K3dyQT9EUFEU5iRZKKIxVtJ5BWcSd
Fd3NPZDEI1JkqDdUSnOKdR+1j5UVTBgx9AvbwuQTt01rQXKpwg0TLH/9uIW1op03
Fnd7FaVjqWUXs8j9e+FVn3v9XRo8TTKyStNeVLFdll+27NpWBnsbdv9lGUsCbY0v
mBKr5nhfMzMgp1THSd1bcGJUyWywTIb0rNdpbF749NRe3TUlaKdF8qoFLVv7eQKz
zsNEav2j1ps6fmNUnIQMURyzb19OfV0Hgh324wIMyDMqJJ2iWKkgbr+Fgphvb6iy
9/GP1dgYbCuPZlA7R3awTxdpup9ZDT0fsVFl8UVpQWwR83+rnW4IzMRVr8N17Coa
bVEVCX8MJMGEhcN+eJBS/wI7W6IAAZvhpymoYtP4Q0kqrQUsjZb2hfxq3SZJUnKO
KGukh5f0qOx0ntdKGUcg3QarY1+QB+4MJG8z+1fRb8NLvkdrejHpGwEIeQDnA+aU
m2BTMlQguhg1b0AM6EKwGCxekfdfJrMOa3860BBarXBieN7/jHMAd6BwuMOAFf8h
/KZE8IV0BkVKO6VLj58e0pfno8f6dCodoNM4iqlx2BclPOAmIVBlDpWTo0Oq0nQ7
YlVGvpRC9pfKcBSM0Je81NDecZKHyc4dZ/Gs9vxeuRF/x2bonRQ=
=Ix2p
-----END PGP SIGNATURE-----
Reply to:
OSZAR »