[SECURITY] [DLA 2573-1] libzstd security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2573-1] libzstd security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Sat, 20 Feb 2021 23:21:11 +0530
Message-id: <[🔎] CAPP0f96ZZKnH2_Jma4JZZJCn2xvOuYtx4UPVFKzhn3wDgkpmmg@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2573-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
February 20, 2021                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : libzstd
Version        : 1.1.2-1+deb9u1
Debian Bug     : 981404 982519

It was discovered that zstd, a compression utility, was vulnerable
to a race condition: it temporarily exposed, during a very short
timeframe, a world-readable version of its input even if the
original file had restrictive permissions.

For Debian 9 stretch, this problem has been fixed in version
1.1.2-1+deb9u1.

We recommend that you upgrade your libzstd packages.

For the detailed security status of libzstd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libzstd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmAxSCkACgkQgj6WdgbD
S5aRwBAAiIkh/lZbQ/xN5oIIr+nySmjIiWpgkJhbOL3SWbVH6nCXp45Bpa7fjEmJ
bwbimzjzAQnb8GkyXDoVY6JEcXak2URq7RTPRbet4e26uFV8JbPQPbZ5rDEDP56H
jifY5B2V9Z6aAsu78aE5Dki9Mg9bjJHi/IUZosvZlN4+FpbbK4BbixnmPoXCFfzF
andt3FTmf/alOYonEeA4nuCsvt9owAzqjZd0VeWs1s1iz3kTt34SDTN1gBlihhcV
MfCfm/WzfaZLCV6A1vA1kgIzZBg4xGiuYhO3z6Dk4Je2FrmOthu6q0YTDH2Sk7lR
qb2lbIH88zaxHv+WBGZqAXJaexXtqk/MwA1B9VLtrKi6evB0qaYaF/YQpMPKZZR9
D5DueXkdMVFuc842BjclDRPvk/BpyfcZEU26b4mMRHfCXsoxj0pJ+MM9reAVVg8S
Xrj/VCQa0/ImLxxf4a4Liobvlnrs+DbB9AMNDu4cbHll+mIeRty87JOV8DL2BSKy
/8w+V+xSNcRo+491lgJqr1LfkxnPM+V9ZimNJh2hfajgCYCqmGUnSTscOKqjeOwH
/QHqz3kO5fZEkg9l9eMBibkmeUBxjWfgGdzq5o6Rpt4f0DNCs+bhQ7oMpLGB23o5
hjHParwbVWG5i8XHm1GPXBiaRXp6yBmPaqg2e23ZAyBGHBJNJtw=
=u10s
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2572-1] wpa security update
Next by Date: [SECURITY] [DLA 2574-1] openldap security update
Previous by thread: [SECURITY] [DLA 2572-1] wpa security update
Next by thread: [SECURITY] [DLA 2574-1] openldap security update
Index(es):
- Date
- Thread