Debian Security Advisory
DLA-2210-1 apt -- LTS security update
- Date Reported:
- 15 May 2020
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-3810.
- More information:
When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue reading from the stack, without any limit.
For Debian 8
Jessie, this problem has been fixed in version 220.127.116.11.6.
We recommend that you upgrade your apt packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS