-------------------------------------------------------------------------
Debian LTS Advisory DLA-4426-1                [email protected]
https://www.debian.org/lts/security/                      Abhijith PA
December 30, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : osslsigncode
Version        : 2.5-4~deb11u1
CVE ID         : CVE-2023-36377
Debian Bug     : 1035875

A buffer overflow vulnerability has been found in osslsigncode, an
OpenSSL-based Authenticode signing tool for PE/MSI/Java CAB files, which
possibly allows a malicious attacker to execute arbitrary code when
signing a crafted file.

For Debian 11 bullseye, this problem has been fixed in version
2.5-4~deb11u1.

We recommend that you upgrade your osslsigncode packages.

For the detailed security status of osslsigncode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/osslsigncode

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
