[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1600-1] libarchive security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libarchive
Version        : 3.1.2-11+deb8u4
CVE ID         : CVE-2015-8915 CVE-2016-8687 CVE-2016-8688
                 CVE-2016-8689 CVE-2016-10209 CVE-2016-10349
                 CVE-2016-10350 CVE-2017-5601 CVE-2017-14166
                 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503
Debian Bug     : 853278 875960 875974 875966 874539 840934
                 840935 861609 859456 861609 784213

Multiple security vulnerabilities were found in libarchive, a
multi-format archive and compression library. Heap-based buffer
over-reads, NULL pointer dereferences and out-of-bounds reads allow
remote attackers to cause a denial-of-service (application crash) via
specially crafted archive files.

For Debian 8 "Jessie", these problems have been fixed in version
3.1.2-11+deb8u4.

We recommend that you upgrade your libarchive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwAaRJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRywBAAr6V0AJOtQK/9k641h4l4xN8qNxG7mgDr5BYM0Y2JfW2Z34jauJuYiqJJ
Pq/MipXJmqOPunGw8JSvC0fBN2W4rpz0uWGrwdEU31P60EtFVRXULk9h4eJyn7aF
Kx2eRirY4+3piNsm1Z/mOqYpxQ+1BxTh4yaJ1hiCQdqu4kz0lmNNqn6nWFkO59Ww
Cem83LMaP/u7cmWKiJpN3G+gDHPGu3LHKkeV+FoSw9a02a8RXjnYtG+DsIRtryuT
lsl43bx/fZvS3gCMtWYMCuMLfalzfMkPertBfzxgjV4rzObEGhOVmt0PosJFhug8
SFierPflrY2NwD59+rngHPEI7peClfiCARxizIEnkINosQrxCdxr0mOle8f9DCX0
O0OzdEoTjL1e4DTBMdpJd0IVVWj0KmU86TyX5alsV/QG9Cyc1WpCF5LuVOrxlYGP
LYDlU3LqFYgemMcX0upsLDy6MPlEOlHscVKVTA2Sjd8/mBvst0PmVCFKis5rpjFk
lFJYqV1QhV5pAKouMxptcZB/OJ7B97JAnmCpn4OKc1GHsugcFq5GbtBE3fQuEoA8
PQpeKBIL3FcvWPm/7v3+O2sRLH9azCNh/jWJ3sJi7Wfbe0FihYVnCmpcUoKhZt3H
yCcEaWySqrlYz5bdemOQoT8ZSfZ/pveIKZOlxXggo7iamuwlM+w=
=KPK2
-----END PGP SIGNATURE-----


Reply to: