Fedora 37: upx 2023-89fdc22ace | LinuxSecurity.com
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-89fdc22ace
2023-01-22 01:40:20.174077
--------------------------------------------------------------------------------

Name        : upx
Product     : Fedora 37
Version     : 4.0.1
Release     : 2.fc37
URL         : https://github.com/upx/upx
Summary     : Ultimate Packer for eXecutables
Description :
UPX is a free, portable, extendable, high-performance executable
packer for several different executable formats. It achieves an
excellent compression ratio and offers very fast decompression. Your
executables suffer no memory overhead or other drawbacks.

--------------------------------------------------------------------------------
Update Information:

Patches for CVE-2023-23456 and CVE-2023-23457
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 12 2023 Gwyn Ciesla  - 4.0.1-2
- Patches for CVE-2023-23456, CVE-2023-23457
* Thu Nov 17 2022 Gwyn Ciesla  - 4.0.1-1
- 4.0.1
* Fri Nov  4 2022 Gwyn Ciesla  - 4.0.0-1
- 4.0.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2160383 - CVE-2023-23456 upx: heap-buffer-overflow in PackTmt::pack() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2160383
  [ 2 ] Bug #2160385 - CVE-2023-23457 upx: SEGV on PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2160385
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-89fdc22ace' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 37: upx 2023-89fdc22ace

January 22, 2023
Patches for CVE-2023-23456 and CVE-2023-23457

Summary

UPX is a free, portable, extendable, high-performance executable

packer for several different executable formats. It achieves an

excellent compression ratio and offers very fast decompression. Your

executables suffer no memory overhead or other drawbacks.

Update Information:

Patches for CVE-2023-23456 and CVE-2023-23457

Change Log

* Thu Jan 12 2023 Gwyn Ciesla - 4.0.1-2 - Patches for CVE-2023-23456, CVE-2023-23457 * Thu Nov 17 2022 Gwyn Ciesla - 4.0.1-1 - 4.0.1 * Fri Nov 4 2022 Gwyn Ciesla - 4.0.0-1 - 4.0.0

References

[ 1 ] Bug #2160383 - CVE-2023-23456 upx: heap-buffer-overflow in PackTmt::pack() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2160383 [ 2 ] Bug #2160385 - CVE-2023-23457 upx: SEGV on PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2160385

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-89fdc22ace' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : upx
Product : Fedora 37
Version : 4.0.1
Release : 2.fc37
URL : https://github.com/upx/upx
Summary : Ultimate Packer for eXecutables

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.