MNBSD-2025-3

MidnightBSD versions using xz 2.4.x or higher are vulnerable to a DOS in 
the multithreaded liblzma decompress code.

This includes 3.2.x before 3.2.3 and 4 current before earlier today.

Patch applied to stable/3.2 branch.

4-current updated to 5.6.3 and then patch applied.

details:

https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2

https://www.midnightbsd.org/security/adv/MNBSD-2025-3.html


-- 
Lucas Holt
Luke@FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

_______________________________________________
Midnightbsd-security mailing list
Midnightbsd-security@midnightbsd.org
http://www.midnightbsd.org/mailman/listinfo/midnightbsd-security