Fedora 37 Upx Security Advisory: Critical Heap Overflow and SEGV Issues

UPX is a free, portable, extendable, high-performance executable

packer for several different executable formats. It achieves an

excellent compression ratio and offers very fast decompression. Your

executables suffer no memory overhead or other drawbacks.

Patches for CVE-2023-23456 and CVE-2023-23457

* Thu Jan 12 2023 Gwyn Ciesla - 4.0.1-2

- Patches for CVE-2023-23456, CVE-2023-23457

* Thu Nov 17 2022 Gwyn Ciesla - 4.0.1-1

- 4.0.1

* Fri Nov 4 2022 Gwyn Ciesla - 4.0.0-1

- 4.0.0

[ 1 ] Bug #2160383 - CVE-2023-23456 upx: heap-buffer-overflow in PackTmt::pack() [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2160383

[ 2 ] Bug #2160385 - CVE-2023-23457 upx: SEGV on PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2160385

su -c 'dnf upgrade --advisory FEDORA-2023-89fdc22ace' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: