-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3991-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler December 11, 2024 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : upx-ucl Version : 3.96-2+deb11u1 CVE ID : CVE-2023-23456 Debian Bug : 1033258 A heap-based buffer write overflow issue was discovered in UPX, an efficient live-compressor for executables. An attacker could corrupt memory via a crafted file, leading to undefined impact (from denial-of-service to code execution). For Debian 11 bullseye, this problem has been fixed in version 3.96-2+deb11u1. We recommend that you upgrade your upx-ucl packages. For the detailed security status of upx-ucl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/upx-ucl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmdZw2UACgkQDTl9HeUl XjBgihAAiL430HNbb9/HluLaxLMIiX29DE5K3dyQT9EUFEU5iRZKKIxVtJ5BWcSd Fd3NPZDEI1JkqDdUSnOKdR+1j5UVTBgx9AvbwuQTt01rQXKpwg0TLH/9uIW1op03 Fnd7FaVjqWUXs8j9e+FVn3v9XRo8TTKyStNeVLFdll+27NpWBnsbdv9lGUsCbY0v mBKr5nhfMzMgp1THSd1bcGJUyWywTIb0rNdpbF749NRe3TUlaKdF8qoFLVv7eQKz zsNEav2j1ps6fmNUnIQMURyzb19OfV0Hgh324wIMyDMqJJ2iWKkgbr+Fgphvb6iy 9/GP1dgYbCuPZlA7R3awTxdpup9ZDT0fsVFl8UVpQWwR83+rnW4IzMRVr8N17Coa bVEVCX8MJMGEhcN+eJBS/wI7W6IAAZvhpymoYtP4Q0kqrQUsjZb2hfxq3SZJUnKO KGukh5f0qOx0ntdKGUcg3QarY1+QB+4MJG8z+1fRb8NLvkdrejHpGwEIeQDnA+aU m2BTMlQguhg1b0AM6EKwGCxekfdfJrMOa3860BBarXBieN7/jHMAd6BwuMOAFf8h /KZE8IV0BkVKO6VLj58e0pfno8f6dCodoNM4iqlx2BclPOAmIVBlDpWTo0Oq0nQ7 YlVGvpRC9pfKcBSM0Je81NDecZKHyc4dZ/Gs9vxeuRF/x2bonRQ= =Ix2p -----END PGP SIGNATURE-----
