-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3766-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta March 19, 2024 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : zfs-linux Version : 0.7.12-2+deb10u3 CVE ID : CVE-2013-20001 CVE-2023-49298 Debian Bug : 1059322 1056752 A couple of vulnerabilities were found in zfs-linux. CVE-2013-20001 In OpenZFS, when an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied. CVE-2023-49298 OpenZFS in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. For Debian 10 buster, these problems have been fixed in version 0.7.12-2+deb10u3. We recommend that you upgrade your zfs-linux packages. For the detailed security status of zfs-linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/zfs-linux Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmX4rMwACgkQgj6WdgbD S5bzhA/+IJAhiFoH3MmroKlL300keQy6PRaBR/pcIFkDug3Sgq0LFk8xTNudCBbk jZLFIEwhE6/BORQKhcGebZZgSGQwwPs7au4AaFm7dvML1rcaKhkMsItNK1+Zki5i ZJiuF6ZS/DtqiqxJuXc574Cm4l218PDhCjn9jTXN0P2EsVW88AHHZoWDZofXbsCD 8roWfA3PT4cWhUXMzXS7ZYVQ5tXnaUfE7eCAnbZO3dRl6jtbZhJfkPTULNTNRWm2 OQQ+ecT1QydwWVMkzF+qEDZS2bZmVbmkEn6OkeyXWD6wTVVgpXaMvbUhdJ18ssEp FA+/aiajdBtEKQoKxk4V5RrYzEn8P7r5viJiC53KVYaLcgTwkVDdsS6IMmfdagzG UaWp3udmnIDYtUpL/FORRsiBRQp6Psc2di+pE5mIjCUe2XUnDSu0eilvztSUUiWh Jr+evl2/4xEN61OG8jw33VIOiG5ZG8jcyER0INNTm1xymDoKmaxNzrqzyWMsMysV /n8uVYcrOGKJKD4TLsyh9Bah67zcsEoyNWwuhKgr6A+JFK8A7bJWKULcAMiRojlU HEUjAitlwjZFJd59ymK+T+/WmezkSDoklge3v/vYApEHBEh0rVYHnxWOvd/uPhas SZf9fzFX7e+x24L4ZaqRsx2n5O7P0Rqc+2ZYjPW1Shs5TQbw+tE= =ey81 -----END PGP SIGNATURE-----