[CLSA-2026:1783632526] Fix CVE(s): CVE-2026-41992
Type:
security
Severity:
Important
Release date:
2026-07-09 21:29:01 UTC
Description:
* SECURITY UPDATE: out-of-bounds read in the LZH decoder from stale shared decompression state (left/right) reused across a .Z then .lzh member in a single gzip -d invocation - debian/patches/CVE-2026-41992.patch: clear left/right when n == 0 in read_c_len() in unlzh.c - CVE-2026-41992
CVEs fixed:
Updated packages:
  • gzip_1.9-3+deb10u1+tuxcare.els1_amd64.deb
    sha:dfdf7d0cb031bad50db3eed2074a3f786e90b2e5
  • gzip-win32_1.9-3+deb10u1+tuxcare.els1_all.deb
    sha:3192c7fc68c0d2e3b858606e5875b8700b603eec
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.