1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5895-1] xz-utils security update

    From Salvatore Bonaccorso@21:1/5 to All on Sat Apr 5 13:30:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5895-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    April 05, 2025 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : xz-utils
    CVE ID : CVE-2025-31115

    Harri K. Koskinen discovered a flaw in the multithreaded .xz decoder lzma_stream_decoder_mt in xz-utils, the XZ-format compression utilities,
    which may lead to denial of service (application crash) or the execution
    of arbitrary code.

    For the stable distribution (bookworm), this problem has been fixed in
    version 5.4.1-1.

    We recommend that you upgrade your xz-utils packages.

    For the detailed security status of xz-utils please refer to its
    security tracker page at:
    https://security-tracker.debian.org/tracker/xz-utils

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmfxElBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TazA//aAU9h64E0VUQMGJSxuzjUWEBYeBvwCMDjypSP5Bv+whOsQYcPQ8gLJb9 N9Hljo0hSwt/Ff1Tkclcz19hzvidfdMZeDDXfkgBIlcspaRmWV0OqX6AaFD7lhk4 l+7I8hIPQpR/HJx1OWprYxQUwVaPpRG/iAW3jP9IFekW3f+sId5zftGkagIV0USf kTwFWNOKFKRd84L72m/erLpLI/XrOiYphyxMrnwrskGjOAjBo6pJTuheaOhY28V/ X3qGGP1ABRlA5mZtxkqdGUHoQBjxnq6OLGfLcIfv13+XBq3RN6RvTs6ZHN6oW5vW ZC2JxFeEigN49bKSGS94gC+2e9ZD3Q21Whhww8vvU03ls0ioW/oF2qI8kDVx0U0Z bKZpAplnj58hFQV49A79xJZy5C56aTR86/KoA02DYJGTlhyDIbFfXjtnhTx3ZwtW st7PLfYusC7DeQxvuCpu+FNjnmA65cEi2nncV39c9EFdkagh2/BCLLzmQEkRLK4U UQ2fPHzfmdawd60AYf3Oxcb+id/fLczYE4IDdxFCzmTgV4QmEqqFq2wG6VF5DsyE ssRHtSxiynKqgRxbss1QLgKLPMNbTjZRp0sK4c5tCK2AAibp5v56eZYsPlpju4NP xDqsutvLt+QJ4f9FxrenJOUj9dbuJdIUssSEvYc5htzdrQWDMec=
    =v6xz
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)