[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1006-1] libarchive security update

Package        : libarchive
Version        : 3.0.4-3+wheezy6
CVE ID         : CVE-2016-10209 CVE-2016-10349 CVE-2016-10350
Debian Bug     : 859456 861609

Multiple denial of services vulnerabilities have been identified in 
libarchive when manipulating specially crafted archives.


    NULL pointer dereference and application crash in the
    archive_wstring_append_from_mbs() function.


    Heap-based buffer over-read and application crash in the
    archive_le32dec() function.


    Heap-based buffer over-read and application crash in the
    archive_read_format_cab_read_header() function.

For Debian 7 "Wheezy", these problems have been fixed in version

We recommend that you upgrade your libarchive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Attachment: signature.asc
Description: PGP signature

Reply to: