[SECURITY] [DLA 4136-1] openrazer security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4136-1] openrazer security update
From: Adrian Bunk <bunk@debian.org>
Date: Thu, 24 Apr 2025 14:01:48 +0300
Message-id: <[🔎] aAoaHO1ScxAfH3xO@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4136-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 24, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openrazer
Version        : 2.9.0+dfsg-1+deb11u1
CVE ID         : CVE-2022-23467 CVE-2022-29021 CVE-2022-29022 CVE-2022-29023 
                 CVE-2025-32776

Multiple vulnerabilities have been fixed in the OpenRazer drivers for
devices from Razer, a company selling hardware mainly targeted at gamers.

CVE-2022-23467

    out-of-bounds read

CVE-2022-29021

    buffer overflow in the razerkbd driver

CVE-2022-29022

    buffer overflow in the razeraccessory driver

CVE-2022-29023

    buffer overflow in the razermouse driver

CVE-2025-32776

    out-of-bounds read

For Debian 11 bullseye, these problems have been fixed in version
2.9.0+dfsg-1+deb11u1.

We recommend that you upgrade your openrazer packages.

For the detailed security status of openrazer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openrazer

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmgKGhgACgkQiNJCh6LY
mLEdPQ/+OFccDsCLmNHb5OSaRQF0rQnYR9zlpoiiqHrmu7Ikm5iPdHGtdPr6neWA
sZwJhtLMtmT69Bp+UceMUbO27eYnus8mrPtSPr2ipAG4j97xcmX3UYxWDfvsxGzK
oKx4QV5FBLWypVmw1ApPdxW7eR5SdSa0TnGUD/9A91PFTgu27Jo5ByolRYBaHRK5
j1Q+wjI4V4dhreSnFJy2nejYbzzJIAp/H9KNshT8c9CBcMjPMhhL+Hc+IsPfL3Zq
3jDUBVOlTgo3QN9muQ194txkZqXQ3OWBag+FIF/UaorpShLQ6LpDnXHKouF8Htk6
nJbh5N0xnAVmOn0Y1P8kjNkeLEGb5YAN78KSzdw0K2c/BBkFx8Egl+CuAzqKPO37
Ds4pq62AvY5cNlZYNsQJnCRmWy3BHk3Jqud5oXF8RXB3/ifziLKNf/JfWcXrmqmc
llXoNBnvc7NZM3ei7tmZX6hRWyBFXJLMRU+vhPBFbWla3kTNUBMlgL7QhMLtDfxa
wvt6tclFdO0Cuwan/Kxm5naJAYvZUOqb3hkRpDpb26so5XFgxNR2LNtoq7RLy+Eq
irwEdbgQwuS2tXRAwYhE7fobQbive16MRfmnYf4GyCVNJ8dKQ7+TD9dtG8/PVzY1
cl7+USoNHFR4dp7n80HnHUBOPlUWYXg7a5evPri9w9T6/IEjbV0=
=v+lK
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4135-1] haproxy security update
Next by Date: [SECURITY] [DLA 4137-1] libbpf security update
Previous by thread: [SECURITY] [DLA 4135-1] haproxy security update
Next by thread: [SECURITY] [DLA 4137-1] libbpf security update
Index(es):
- Date
- Thread