Explore top 10 tips to secure your open-source projects now. Read More
×
To address these security vulnerabilities, whose fixes are
unfortunately not isolated, this update again replaces p7zip with a
recent 7-Zip (now v26.01), slightly modified to make it reasonably
compatible with p7zip.
CVE-2026-48092
SquashFS Fragment Offset Overflow
CVE-2026-48095
Heap Buffer Write Overflow
CVE-2026-48101
UEFI Capsule uninitialized heap memory disclosure
CVE-2026-48102
UDF Field OOB Read
CVE-2026-48103
WIM SecurityId OOB read
CVE-2026-48104
SquashFS BlockToNode uninitialized heap read
CVE-2026-48111
UEFI DEPEX OOB Read
CVE-2026-48112
Ar SYMDEF OOB Read
For Debian 11 bullseye, these problems have been fixed in version
16.02+really26.01+dfsg-0+deb11u1.
We recommend that you upgrade your p7zip packages.
For the detailed security status of p7zip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/p7zip
Further information about Debian LTS security advisories, how to apply
Get the latest Linux and open source security news straight to your inbox.