Debian alert DLA-4469-1 (alsa-lib)
| From: | Paride Legovini <paride@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4469-1] alsa-lib security update | |
| Date: | Fri, 06 Feb 2026 00:00:04 +0100 | |
| Message-ID: | <934a920e3be66e2867b8b232abaa6314@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4469-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Paride Legovini February 05, 2026 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : alsa-lib Version : 1.2.4-1.1+deb11u1 CVE ID : CVE-2026-25068 A buffer overflow in the alsa-lib package can lead to a crash when a topology file (.tplg) has an excessive num_channels value. The alsa-lib package contains libraries and tools to interface with ALSA, the Advanced Linux Sound Architecture. For Debian 11 bullseye, this problem has been fixed in version 1.2.4-1.1+deb11u1. We recommend that you upgrade your alsa-lib packages. For the detailed security status of alsa-lib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/alsa-lib Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- wsC7BAEBCgBvBYJphSDvCRDWWGGIPgFNuUcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmfBluMV9S0YjbMYv58bLryOH3e4LsJWcanPMvjVnIVu KxYhBFYa1YXu12aSG6jdltZYYYg+AU25AAAqBgf/ekxv8ZQPfu3Zh2SAz+h6aEgH EhQJEeHeb6LIwQg+80Dlwxb+UXrh/pSecZ+WEKLGUEt0rwr7f5LA8hILHKW37E1X T5kVx9hI28jqstWjH4IJvPCSnrUxRFuWriMEd0/5UlAmQ4pxvq57vmeRq2y+6Tvj pDSxKgW3ZAZfJ8fbjyIXDVWCzUTItCBMSLKNY47HE77g73vTJLwKAkh84XUNTlsT g5StrhP8QiJMBA85nxbdLjCzL6DEYLhSbF7VT8P4IqwF6RkKy+5nphV28VUMTEQi ERvrblN2yJlIw1tAPqhdlEN1ugSUZBZtrJCA7k6W4EZliWnQ7Hm87hfUUziOzQ== =GvDX -----END PGP SIGNATURE-----