[SECURITY] [DLA 2900-1] lrzsz security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2900-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
January 25, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : lrzsz
Version : 0.12.21-8+deb9u1
CVE ID : CVE-2018-10195
An issues has been found in lrzsz, a set of tools for zmodem/xmodem/ymodem
file transfer.
Due to an incorrect length check, which might result in a size_t wrap
around, an information leak to the receiving side could happen.
For Debian 9 stretch, this problem has been fixed in version
0.12.21-8+deb9u1.
We recommend that you upgrade your lrzsz packages.
For the detailed security status of lrzsz please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lrzsz
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmHwdKpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfb6w//RtutOLAcIdNhoDpicQmZpdUw8Gh17yqrTUlTd90/0PmAfM0ZC2RDt/yr
CgXDZ77vJ8qjo+9IREpzSTR1hQpakSjKVb9a4y9kk1X4Sz0ZxvZugvHZUcou1Yzg
JN0hnukhXGwwRHr/JFbOkqm04JUCJ1afcVNuN9x1VPTZybb0NkdbN+35HEobwdXE
dsDVwq8bJGuYB12kviv8O0Mhot3g6zd1jQfTJUyvW9MjkuuTSo1eFHJPQ/J53kDr
6St3wRQhPzifjZCdjuMVj1utVj4siALUCBWP5V8VxWDh/ryUfWlbP+481oe78VQU
rvfkGMkZSDOAU5KI+37AkdlEgTaLtyY88rHljBDdZGzeMY925cTwSFLECy+RRLer
b0j0poV67uTZm5lgnxbSZb40B1CQmmKeY1eisf9FtZc2df6oyKQGGigS2mryXLqb
CGY1FPf+X3LoJ+G15M32GiXg4TjWz6wD4VaJh1pLHNnLNDAPE/56xAxO5rZNHfyn
yHUNAmzCSl1ftka4gmXmrUaWljFTd+cPayYRJQh4fQK8uk9PGJMYdfwyrmPP8cKz
IkBeH8e5qFLkUiYYqriLBgEFC4z5ogQMFEC2iiG1eaKAU6tUvsyCMQFjJeUcbjys
T9mjsCDIZfj9lfCWrifiBug3higrXwp3XLKeJw7Uz00a93jHqvk=
=qnzT
-----END PGP SIGNATURE-----
Reply to: