A xz-utils security update has been released for Debian GNU/Linux 10 and 11 to address incorrect handling of filenames by xzgrep in xz-utils that can result in overwrite of arbitrary files or execution of arbitrary code if a file with a specially crafted filename is processed.