Debian Security Advisory
DLA-1600-1 libarchive -- LTS security update
- Date Reported: 29 Nov 2018
- Affected Packages:
- Security database references:
  - In the Debian bugtracking system: Bug 853278, Bug 875960, Bug 875974, Bug 875966, Bug 874539, Bug 840934.
  - In Mitre's CVE dictionary: CVE-2015-8915, CVE-2016-8687, CVE-2016-8688, CVE-2016-8689, CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2017-5601, CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503.
- More information:
Multiple security vulnerabilities were found in libarchive, a multi-format archive and compression library. Heap-based buffer over-reads, NULL pointer dereferences and out-of-bounds reads allow remote attackers to cause a denial-of-service (application crash) via specially crafted archive files.
For Debian 8 Jessie, these problems have been fixed in version 3.1.2-11+deb8u4.
We recommend that you upgrade your libarchive packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS