openSUSE: 2023:0088-1 Important: 12 Threats Resolved in UPX

opensuse
April 11, 2023
An update that fixes 12 vulnerabilities is now available

Description

upx was updated to fix the following issues:

Update to release 4.0.2

* Fix unpack of ELF x86-64 that failed with "CantUnpackException: corrupt b_info"

* Resolve SEGV on PackLinuxElf64::invert_pt_dynamic

- CVE-2021-30500: Fixed Null pointer dereference in PackLinuxElf:canUnpack() in p_lx_elf.cpp

- CVE-2021-30501: Fixed Assertion abort in function MemBuffer:alloc()

- CVE-2021-43311: Fixed Heap-based buffer overflow in PackLinuxElf32:elf_lookup() at p_lx_elf.cpp

- CVE-2021-43312: Fixed Heap-based buffer overflow in PackLinuxElf64:invert_pt_dynamic at p_lx_elf.cpp:5239

- CVE-2021-43313: Fixed Heap-based buffer overflow in PackLinuxElf32:invert_pt_dynamic at p_lx_elf.cpp:1688

- CVE-2021-43314: Fixed Heap-based buffer overflows in PackLinuxElf32:elf_lookup() at p_lx_elf.cp

- CVE-2021-43315: Fixed Heap-based buffer overflows in PackLinuxElf32:elf_lookup() at p_lx_elf.cp

- CVE-2021-43316: Fixed Heap-based buffer...

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2023-88=1

Package List

- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):

upx-4.0.2-bp154.4.6.1

upx-debuginfo-4.0.2-bp154.4.6.1

upx-debugsource-4.0.2-bp154.4.6.1

References

https://www.suse.com/security/cve/CVE-2021-20285.html

https://www.suse.com/security/cve/CVE-2021-30500.html

https://www.suse.com/security/cve/CVE-2021-30501.html

https://www.suse.com/security/cve/CVE-2021-43311.html

https://www.suse.com/security/cve/CVE-2021-43312.html

https://www.suse.com/security/cve/CVE-2021-43313.html

https://www.suse.com/security/cve/CVE-2021-43314.html

https://www.suse.com/security/cve/CVE-2021-43315.html

https://www.suse.com/security/cve/CVE-2021-43316.html

https://www.suse.com/security/cve/CVE-2021-43317.html

https://www.suse.com/security/cve/CVE-2023-23456.html

https://www.suse.com/security/cve/CVE-2023-23457.html

https://bugzilla.suse.com/1183510

https://bugzilla.suse.com/1184701

https://bugzilla.suse.com/1184702

https://bugzilla.suse.com/1207121

https://bugzilla.suse.com/1207122

https://bugzilla.suse.com/1209765

https://bugzilla.suse.com/1209766

https://bugzilla.suse.com/1209767

https://bugzilla.suse.com/1209768

https://bugzilla.suse.com/1209769

https://bugzilla.suse.com/1209770

h...

Severity
important

Announcement ID: openSUSE-SU-2023:0088-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP4
