SUSE Package Hub - openSUSE-2023-31

Update Info

openSUSE-2023-31

Security update for upx

Type: security

Severity: moderate

Issued: 2023-01-23

Description:

upx was updated to fix the following issues:

- CVE-2023-23457: Fixed a segmentation fault when processing malicious elf files (boo#1207122)

Update to release 4.0.1

* Fix crash when a linux/armeb LZMA-packed binary unpacks itself.
* Resolve "CantPackException: bad ElfXX_Shdrs" with
  staticly-linked programs.
* Resolve "CantPackException: need DT_INIT;..." when attempting
  to re-compress an already packed binary.

Update to release 4.0

* Add support for EFI files

References

CVE: CVE-2023-23457
Bugzilla: 1207122 https://bugzilla.opensuse.org/show_bug.cgi?id=1207122

Packages

upx-4.0.1-bp154.4.3.1