[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1092-1] libarchive security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libarchive
Version        : 3.0.4-3+wheezy6+deb7u1
CVE ID         : CVE-2017-14166
Debian Bug     : #874539

It was discovered that there was a denial of service vulnerability in the
libarchive multi-format compression library. A specially-crafted .xar
archive could cause via a heap-based buffer over-read.

For Debian 7 "Wheezy", this issue has been fixed in libarchive version
3.0.4-3+wheezy6+deb7u1.

We recommend that you upgrade your libarchive packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmyWMwACgkQHpU+J9Qx
HlhOSRAAsW4o57oFUDEvJpZ50/cMKeQ6xXvwYbja64UIjzvtjna/cvQn2a8868c9
wHF4YueClL88YdCESolsKG+vh/DM+dqZGdiU5RsOvqa2wVpMo671NkIA7KIbRlvM
fa6RSOMYX0PKPnxBjjhuFj5QX65m3SdGEAlBb3vYdPgVdrZunfm0nSy8k8tpqRxB
DAO8PnI8/2mooaPzvF6O9ZkGfnC7toxPc9gVE4A3JpnK7olPSVKOsVSuMBF+9qk2
CHXlRTEF1Xe0Hu3pybYZMEMV8cJTGG04m9wDEV5qL96ui68yE1KBZF5M8Q0i0XxI
5qTDrPQ4Ez8WDxJN11R1WZ7j7rzCbfLYJW2iCLerCtCUhTF7kHC6av8QaNCTUvNL
FLzVTEzHUzs9eAkYC3RgS3asQDfx0JFKhtosVczjoR1RvK81L6AmCtStLnP/bF5j
IVPvc/zPbuCzOLqCAGmRY5LNNVl+JFsnsU9di8N3/hcIMiYF5NwlvDOtu8CEE2A0
yVUzaan1LKJodx2U3Mc8j9cXS7E5ElXhIZT0cTxNmu7PAstcuBGGB6vdKGB8g9vY
ibKB7SSFk644OM41BUE+M9bSEnmuFUF6DXG7VUstma0YK05mBEfP8kyVCF90w5Th
EqzSPi1Bp5StxHDVSIAvi0cXQV6T4rMW28AVCjLIwIcNVUkZ1uQ=
=zqko
-----END PGP SIGNATURE-----


Reply to: