------------------------------------------------------------------------- Debian LTS Advisory DLA-3731-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Colin Watson February 01, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : man-db Version : 2.8.5-2+deb10u1 CVE ID : Debian Bug : 926450 948238 1061870 man-db provides the "man" command used for reading manual pages. man-db 2.7.6.1-3 added AppArmor confinement for filter programs called by man, and man-db 2.8.0 added a seccomp sandbox to confine subprocesses that handle untrusted data. These hardening measures caused various problems that have been fixed in more recent releases: the AppArmor confinement broke the ability to save compressed cat pages under /var/cache/man/, while the seccomp sandbox broke Hardened Malloc as well as systems using mksh-derived shells. For Debian 10 buster, these problems have been fixed in version 2.8.5-2+deb10u1. We recommend that you upgrade your man-db packages. For the detailed security status of man-db please refer to its security tracker page at: https://security-tracker.debian.org/tracker/man-db Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature