Debian alert DLA-4557-1 (pyasn1)
| From: | Emmanuel Arias <eamanu@debian.org> |
| To: | debian-lts-announce@lists.debian.org |
| Subject: | [SECURITY] [DLA 4557-1] pyasn1 security update |
| Date: | Fri, 01 May 2026 11:57:37 -0300 |
| Message-ID: | <afS_YThmy6cB1YHK@debian> |
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4557-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Emmanuel Arias
May 01, 2026                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : pyasn1
Version        : 0.4.8-1+deb11u2
CVE ID         : CVE-2026-30922
Debian Bug     : 1131371

It was discovered that pyasn1, a generic ASN.1 library for Python, is
vulnerable to a Denial of Service (DoS) attack caused by uncontrolled
recursion when decoding ASN.1 data with deeply nested structures. This
vulnerability can force the decoder to recursively call itself until the
Python interpreter crashes with a `RecursionError` or consumes all
available memory, crashing the host application.

For Debian 11 bullseye, this problem has been fixed in version
0.4.8-1+deb11u2.

We recommend that you upgrade your pyasn1 packages.

For the detailed security status of pyasn1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pyasn1

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment: signature.asc (type=application/pgp-signature)
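The advisory attributes the crash to recursion over deeply nested ASN.1 structures. As an added example (not part of the advisory and not pyasn1 code), the sketch below walks BER/DER input iteratively and rejects anything malformed or nested deeper than a limit, so that a host that cannot upgrade yet can screen untrusted input before calling the decoder. The names `max_nesting_depth` and `AsnDepthError` and the limit of 32 are assumptions made for this example.

```python
SAMPLE = bytes.fromhex("300730053003020101")  # constructed sample: 3 nested SEQUENCEs, INTEGER 1

class AsnDepthError(ValueError):
    """Input is malformed or nests deeper than the allowed limit."""

def _header(buf, pos, bound):
    """Read identifier and length octets; return (constructed, content_start, length or None)."""
    def octet():
        nonlocal pos
        if pos >= bound:
            raise AsnDepthError("truncated header")
        pos += 1
        return buf[pos - 1]
    first = octet()
    while first & 0x1F == 0x1F and octet() & 0x80:  # high-tag-number form: skip continuations
        pass
    length = octet()
    if length == 0x80:                              # indefinite length, closed later by 00 00
        return bool(first & 0x20), pos, None
    if length & 0x80:                               # long form: low 7 bits count length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > bound:
        raise AsnDepthError("value overruns its container")
    return bool(first & 0x20), pos, length

def max_nesting_depth(data, limit=32):  # 32 is an assumed policy limit, not a pyasn1 setting
    """Walk BER/DER without recursion; return the deepest constructed nesting or raise."""
    buf, pos, deepest, stack = bytes(data), 0, 0, []  # stack: end offsets, None = indefinite
    while pos < len(buf):
        while stack and stack[-1] == pos:             # definite-length containers ending here
            stack.pop()
        bound = next((e for e in reversed(stack) if e is not None), len(buf))
        if stack and stack[-1] is None and pos + 2 <= bound and buf[pos:pos + 2] == b"\x00\x00":
            stack.pop()                               # end-of-contents closes indefinite form
            pos += 2
            continue
        constructed, start, length = _header(buf, pos, bound)
        if constructed:
            stack.append(None if length is None else start + length)
            if len(stack) > limit:
                raise AsnDepthError(f"nesting deeper than {limit}")
            deepest, pos = max(deepest, len(stack)), start
        elif length is None:
            raise AsnDepthError("primitive value with indefinite length")
        else:
            pos = start + length
    if None in stack:
        raise AsnDepthError("unterminated indefinite-length value")
    return deepest
```

Set the limit to the deepest structure the application legitimately parses and treat `AsnDepthError` as a rejected message. The check is a stopgap for hosts still running an unfixed pyasn1; the fixed package remains the remedy the advisory gives.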
