[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1971-1] libarchive security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libarchive
Version        : 3.1.2-11+deb8u8
CVE ID         : CVE-2019-18408


An issue has been found in libarchive, a multi-format archive and compression library.

In case of a crafted archive containing several parts and one part being corrupt, there would be an use-after-free for the next part of the archive.


For Debian 8 "Jessie", this problem has been fixed in version
3.1.2-11+deb8u8.

We recommend that you upgrade your libarchive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl20ukxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfEXQ//Y07q5RXJ+l95uFa/VsvW4JewMsEZ/WiMDxQRzhCcqhWyG5+6uNNAQ7M9
OqJiu20TOazwdYDGHiRXxr7VbBLGrMAFCT42jdoANvsJujvejqSP6wHnk3F5Ztu8
jZ3XclE8wSnDPHMZLbuJeUbFArgLAlf8OmhsxogAx6t/tKM+mp3wF9cj8m+iUpaq
zZPq4hom9Md7KyQfQQwbP9UmejqeyyDLzDw7v42Ha4M8T1a4tU603H/wm7HzQn2F
4TQ0sUsxN1tizGvpgvbOjZ+blbrDBXQspksI40WZtGbYGpblr1+x/nL2k7gHUJ0P
Jy8zYsD9W+kEw1Hcs8P8nvLSDBFDsjagi6BPcOzucacW0P80bJyG2Hsd7DQbqOA8
qQ/OJ+DHTRphlswZD29Ta8hSPWC6FasxrXf5LIxNfK40vE5+bIExPHrbHYU2Uza0
VCGSDMRAVMLOmrVWz0ykmwH7+VhIf0vM5NSvvg9X78EVjvAJu0cm38Z5mTDYXbZX
tBq9UcrjGCH3ARCy36kPudqFlwDIm5wwZSa6nDraw5LiZAh28/BtaYY+bvSR/eRi
0tLdITl9BUGVma3A2VZjQnHhFIRPNWIZgdVXqwjG7MzI7VzC3wVmNhr4Zu2JXwvq
P8KtFhwK1UgObbYdCfsWCmiVkIEN3jwNFGQYRkzYuTQ2NlTQXvo=
=rjtC
-----END PGP SIGNATURE-----


Reply to: