[SECURITY] [DLA 1092-1] libarchive security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : libarchive
Version : 3.0.4-3+wheezy6+deb7u1
CVE ID : CVE-2017-14166
Debian Bug : #874539
It was discovered that there was a denial of service vulnerability in the
libarchive multi-format compression library. A specially-crafted .xar
archive could cause via a heap-based buffer over-read.
For Debian 7 "Wheezy", this issue has been fixed in libarchive version
3.0.4-3+wheezy6+deb7u1.
We recommend that you upgrade your libarchive packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmyWMwACgkQHpU+J9Qx
HlhOSRAAsW4o57oFUDEvJpZ50/cMKeQ6xXvwYbja64UIjzvtjna/cvQn2a8868c9
wHF4YueClL88YdCESolsKG+vh/DM+dqZGdiU5RsOvqa2wVpMo671NkIA7KIbRlvM
fa6RSOMYX0PKPnxBjjhuFj5QX65m3SdGEAlBb3vYdPgVdrZunfm0nSy8k8tpqRxB
DAO8PnI8/2mooaPzvF6O9ZkGfnC7toxPc9gVE4A3JpnK7olPSVKOsVSuMBF+9qk2
CHXlRTEF1Xe0Hu3pybYZMEMV8cJTGG04m9wDEV5qL96ui68yE1KBZF5M8Q0i0XxI
5qTDrPQ4Ez8WDxJN11R1WZ7j7rzCbfLYJW2iCLerCtCUhTF7kHC6av8QaNCTUvNL
FLzVTEzHUzs9eAkYC3RgS3asQDfx0JFKhtosVczjoR1RvK81L6AmCtStLnP/bF5j
IVPvc/zPbuCzOLqCAGmRY5LNNVl+JFsnsU9di8N3/hcIMiYF5NwlvDOtu8CEE2A0
yVUzaan1LKJodx2U3Mc8j9cXS7E5ElXhIZT0cTxNmu7PAstcuBGGB6vdKGB8g9vY
ibKB7SSFk644OM41BUE+M9bSEnmuFUF6DXG7VUstma0YK05mBEfP8kyVCF90w5Th
EqzSPi1Bp5StxHDVSIAvi0cXQV6T4rMW28AVCjLIwIcNVUkZ1uQ=
=zqko
-----END PGP SIGNATURE-----
Reply to: