Release date:
2026-07-09 21:29:01 UTC
Description:
* SECURITY UPDATE: out-of-bounds read in the LZH decoder from stale shared
decompression state (left/right) reused across a .Z then .lzh member in a
single gzip -d invocation
- debian/patches/CVE-2026-41992.patch: clear left/right when n == 0 in
read_c_len() in unlzh.c
- CVE-2026-41992
Updated packages:
-
gzip_1.9-3+deb10u1+tuxcare.els1_amd64.deb
sha:dfdf7d0cb031bad50db3eed2074a3f786e90b2e5
-
gzip-win32_1.9-3+deb10u1+tuxcare.els1_all.deb
sha:3192c7fc68c0d2e3b858606e5875b8700b603eec
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.