[SECURITY] [DLA 3202-1] libarchive security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3202-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
November 22, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : libarchive
Version : 3.3.3-4+deb10u2
CVE ID : CVE-2019-19221 CVE-2021-23177 CVE-2021-31566
Debian Bug : 945287 1001986 1001990
Three issues have been found in libarchive, a multi-format archive and
compression library.
CVE-2019-19221
out-of-bounds read because of an incorrect mbrtowc or mbtowc call
CVE-2021-23177
extracting a symlink with ACLs modifies ACLs of target
CVE-2021-31566
symbolic links incorrectly followed when changing modes, times,
ACL and flags of a file while extracting an archive
For Debian 10 buster, these problems have been fixed in version
3.3.3-4+deb10u2.
We recommend that you upgrade your libarchive packages.
For the detailed security status of libarchive please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libarchive
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmN9Bu4ACgkQDTl9HeUl
XjDUjQ/+NGbGgjThmyII2G23jsXane7reVJJHfL4kmL1KCduNgJBDvr+Wk6VN3Wv
Sy6YVANQvvec/6+CVGpFwEldQGjgv1ocnspV8mG7/2tccEXtZjSZ40jbTLxa7oP7
j+43AHdUkv+wzYW+RdeMY/lQZn1FzM7lKpKAl1AZTxPhg/5rWpGNnp691W913b5U
byoWUKE9LSB76YrhgjlTFm9S4Hbc7nTLx91YSUw28kLDb5sJ0mPXoNla9ySn3+oh
Q3COKmyP0x9ty+e98jq9SPUSrMHxOp6dY5A5Q0/3tdvMHNDEyXlqW2CZZY/zFlCC
ulfJi+2E5jCfb0uNTQkDDFRoCuLnRTO/akujkSRiVvRkOni0U5LGckkrwW5hfi0u
5Ms1CO91iKx4Gpanv3uRCrKmzvp2FGnnKW/apUEIufPZgqutI+tSBS05Gq/nF4MS
rRpmjngi8vq2XsVuR4ToP0fFV1QL8/9xSx+iTGQCwvN9bq3rmH0CH4hVjfWe8BRU
lEEQcuooxDZjVTLHwES6Xj9zSv8R0W2XgtcpJSIwpep8HLJxO+nMBRa2fNvpnWei
GqhF/EsmfWkqM87VzwbkS3/SgxGAF4Yto/zxGeJR9K+KRegcKS0acDYV7yHE5wAv
Lr/mRNY6gnpVfuRBpY/0jv84gqVArvkPtO0AZl1tt1QRWeOa1y4=
=kmTA
-----END PGP SIGNATURE-----
Reply to: