Package : libarchive Version : 3.0.4-3+wheezy6 CVE ID : CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 Debian Bug : 859456 861609 Multiple denial of services vulnerabilities have been identified in libarchive when manipulating specially crafted archives. CVE-2016-10209 NULL pointer dereference and application crash in the archive_wstring_append_from_mbs() function. CVE-2016-10349 Heap-based buffer over-read and application crash in the archive_le32dec() function. CVE-2016-10350 Heap-based buffer over-read and application crash in the archive_read_format_cab_read_header() function. For Debian 7 "Wheezy", these problems have been fixed in version 3.0.4-3+wheezy6. We recommend that you upgrade your libarchive packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/
Attachment:
signature.asc
Description: PGP signature