|
|
Log in / Subscribe / Register

Debian alert DLA-4463-1 (pyasn1)



From:
              Utkarsh Gupta <utkarsh@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4463-1] pyasn1 security update


Date:
              Sun, 01 Feb 2026 20:36:50 +0530


Message-ID:
              <CAPP0f95di746OFt3_BzL4pL0xkVqpt5kJcM1YpuZGQCbEpSEGw@mail.gmail.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4463-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
February 01, 2026                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : pyasn1
Version        : 0.4.8-1+deb11u1
CVE ID         : CVE-2026-23490
Debian Bug     : 1125753

It was discovered that pyasn1, a generic ASN.1 library for Python, is
prone to a denial of service vulnerability, which may result in memory
exhaustion from malformed OID/RELATIVE-OID with excessive continuation
octets.

For Debian 11 bullseye, this problem has been fixed in version
0.4.8-1+deb11u1.

We recommend that you upgrade your pyasn1 packages.

For the detailed security status of pyasn1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pyasn1

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAml/a5EACgkQgj6WdgbD
S5YlQw/9GdmvJRbly890IbX1vjRkwOsl1qDS1AnHOO0Bqb27AJpoKrg2TJhMFa4j
q47LLWmFPa8zl+KZ8lDQULrLg1kp3tDPH1yYbCLUvmUHiVixdxzqGdauOURVXIIi
maZCKZuT/te5EKh2iJlRz9u413/soDTs4BdLeiMojMSsXhVFnvJD0TCDNN/0J2wT
4WcGqSQ9L1dfAdjPNaZ/WETKz6O/zKE+/myttG14++dFG0O6b0VGM3e5gIAIlYhx
Dcf+FzCxLulh+cH6SyBlEWllS+8xlEdE+uxjjHh7htjzcuXy1ZYGTE6IWTEZp1IJ
QhdP+XEkPndAJaAA5tegExT8nUy4ZH07Zbzsde1NSBUm70mWnuN1AEENCSNc891m
6Msj7d6BIr+WiMCb3HMV4tA8RWuXWe715kUUZpCN2VsD8TT8D4E0zmzvKBk05LK3
6KhAsNKlJhTvq8jGC8oSx9BYQuTUaOj0ezCAWrspjIEkqszMFe9D0bfBBrJpGhJj
kPOzU3D6gwkGhOTU75fEcNkHiiOcJukZfcGgTzDmM4Ey7qo1ynzkeBBTaZU7aBD0
x+iBqY+WyQxW6csJHy53NKUKIJDBZHq9OJRS9MVxr6n7xuaGj61lWQYClClcD7ia
p10l7G5fo0hIPDhVEDOdh66OIYZtqAnjV7Puw+bgyeHLbi3et9o=
=uTCo
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds