Thursday, April 3, 2025

[USN-7414-1] XZ Utils vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmfu4uQFAwAAAAAACgkQZWnYVadEvpMU
6Q/+IfIxpSGIjnbo+yeJ4/QmUyqHJUufcXkB4PBeGf8VLtDiGkAAl8Cnw3qU0UcNLkJHO6t/A5kS
ainG4tyKDS9yPxHNTkEZwsOANa0+278UrMpp9ziobvI+1tlWC+uFY1omqrtF+USXssuvOqZyXMyF
1AxidXoJTP2ABTa4SPxixJkIAxUDlx6ouxYXwkDJYbOXhN71AcKBeof28PxithwKvqBer6MhzEca
dd1uaYqVPP0s1GGO7jFNSpXQVKUzDhJ8NViJAELQ8At6lv0pDlMP4afQmmTMaZAGKW4//fbSUvLn
KWGGZP37TPxaG+Ipq3fMhLfs01T3W011LSvEPkS4zGz88jWhHKgsSJYOrgE0gUBtxMF/EjF1rpYT
Yj5QdVuKhl6J6pbRJYD134LccI9l5uV7YTdkCc1OmD4a+S2llgyIaxT9E9v34Hfnq8EumLa8Q1kp
7gis6Iu0w1k6GkV3WwRLGOPO2lOmGxBEebdnXOl/LwaBUJzYrUxeNBnOZVIDLaemwwZ1CVYX95kk
sb18Cp7mg1Z9eUECHsyz3t5CNDnyO/UuJJytBWQdSLUtSb5e+DRjFYYS21Ef8W7olJ/Vnz2pEtnk
9J1CND+MPPn7CMifiFwYE1Xa7TGHFzppu9BK4E/5cUiP5X2/lSONJkB2sxZxWijwsq3+2NfF66tS
zQU=
=38VA
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7414-1
April 03, 2025

xz-utils vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

XZ Utils could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- xz-utils: XZ-format compression utilities

Details:

Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded
xz decoder. If a user or automated system were tricked into processing an
xz file, a remote attacker could use this issue to cause XZ Utils to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
xz-utils 5.6.2-2ubuntu0.2

Ubuntu 24.04 LTS
xz-utils 5.6.1+really5.4.5-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7414-1
CVE-2025-31115

Package Information:
https://launchpad.net/ubuntu/+source/xz-utils/5.6.2-2ubuntu0.2
https://launchpad.net/ubuntu/+source/xz-utils/5.6.1+really5.4.5-1ubuntu0.2

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)