[SECURITY] [DLA 4463-1] pyasn1 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4463-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
February 01, 2026 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : pyasn1
Version : 0.4.8-1+deb11u1
CVE ID : CVE-2026-23490
Debian Bug : 1125753
It was discovered that pyasn1, a generic ASN.1 library for Python, is
prone to a denial of service vulnerability, which may result in memory
exhaustion from malformed OID/RELATIVE-OID with excessive continuation
octets.
For Debian 11 bullseye, this problem has been fixed in version
0.4.8-1+deb11u1.
We recommend that you upgrade your pyasn1 packages.
For the detailed security status of pyasn1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pyasn1
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAml/a5EACgkQgj6WdgbD
S5YlQw/9GdmvJRbly890IbX1vjRkwOsl1qDS1AnHOO0Bqb27AJpoKrg2TJhMFa4j
q47LLWmFPa8zl+KZ8lDQULrLg1kp3tDPH1yYbCLUvmUHiVixdxzqGdauOURVXIIi
maZCKZuT/te5EKh2iJlRz9u413/soDTs4BdLeiMojMSsXhVFnvJD0TCDNN/0J2wT
4WcGqSQ9L1dfAdjPNaZ/WETKz6O/zKE+/myttG14++dFG0O6b0VGM3e5gIAIlYhx
Dcf+FzCxLulh+cH6SyBlEWllS+8xlEdE+uxjjHh7htjzcuXy1ZYGTE6IWTEZp1IJ
QhdP+XEkPndAJaAA5tegExT8nUy4ZH07Zbzsde1NSBUm70mWnuN1AEENCSNc891m
6Msj7d6BIr+WiMCb3HMV4tA8RWuXWe715kUUZpCN2VsD8TT8D4E0zmzvKBk05LK3
6KhAsNKlJhTvq8jGC8oSx9BYQuTUaOj0ezCAWrspjIEkqszMFe9D0bfBBrJpGhJj
kPOzU3D6gwkGhOTU75fEcNkHiiOcJukZfcGgTzDmM4Ey7qo1ynzkeBBTaZU7aBD0
x+iBqY+WyQxW6csJHy53NKUKIJDBZHq9OJRS9MVxr6n7xuaGj61lWQYClClcD7ia
p10l7G5fo0hIPDhVEDOdh66OIYZtqAnjV7Puw+bgyeHLbi3et9o=
=uTCo
-----END PGP SIGNATURE-----
Reply to: