Debian Security Advisory

DLA-166-1 libarchive -- LTS security update

Date Reported:

07 Mar 2015

Affected Packages:

libarchive

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 778266.

More information:

Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.

For Debian 6 Squeeze, these issues have been fixed in libarchive version 2.8.4.forreal-1+squeeze3