[SECURITY] [DLA 2900-1] lrzsz security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2900-1] lrzsz security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 25 Jan 2022 22:07:38 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2201252206470.26294@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2900-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
January 25, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : lrzsz
Version        : 0.12.21-8+deb9u1
CVE ID         : CVE-2018-10195

An issues has been found in lrzsz, a set of tools for zmodem/xmodem/ymodemfile transfer.Due to an incorrect length check, which might result in a size_t wraparound, an information leak to the receiving side could happen.



For Debian 9 stretch, this problem has been fixed in version
0.12.21-8+deb9u1.

We recommend that you upgrade your lrzsz packages.

For the detailed security status of lrzsz please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lrzsz

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmHwdKpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfb6w//RtutOLAcIdNhoDpicQmZpdUw8Gh17yqrTUlTd90/0PmAfM0ZC2RDt/yr
CgXDZ77vJ8qjo+9IREpzSTR1hQpakSjKVb9a4y9kk1X4Sz0ZxvZugvHZUcou1Yzg
JN0hnukhXGwwRHr/JFbOkqm04JUCJ1afcVNuN9x1VPTZybb0NkdbN+35HEobwdXE
dsDVwq8bJGuYB12kviv8O0Mhot3g6zd1jQfTJUyvW9MjkuuTSo1eFHJPQ/J53kDr
6St3wRQhPzifjZCdjuMVj1utVj4siALUCBWP5V8VxWDh/ryUfWlbP+481oe78VQU
rvfkGMkZSDOAU5KI+37AkdlEgTaLtyY88rHljBDdZGzeMY925cTwSFLECy+RRLer
b0j0poV67uTZm5lgnxbSZb40B1CQmmKeY1eisf9FtZc2df6oyKQGGigS2mryXLqb
CGY1FPf+X3LoJ+G15M32GiXg4TjWz6wD4VaJh1pLHNnLNDAPE/56xAxO5rZNHfyn
yHUNAmzCSl1ftka4gmXmrUaWljFTd+cPayYRJQh4fQK8uk9PGJMYdfwyrmPP8cKz
IkBeH8e5qFLkUiYYqriLBgEFC4z5ogQMFEC2iiG1eaKAU6tUvsyCMQFjJeUcbjys
T9mjsCDIZfj9lfCWrifiBug3higrXwp3XLKeJw7Uz00a93jHqvk=
=qnzT
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2899-1] policykit-1 security update
Next by Date: [SECURITY] [DLA 2901-1] libxfont security update
Previous by thread: [SECURITY] [DLA 2899-1] policykit-1 security update
Next by thread: [SECURITY] [DLA 2901-1] libxfont security update
Index(es):
- Date
- Thread