Debian Security Advisory

DLA-166-1 libarchive -- LTS security update

Date Reported:
07 Mar 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 778266.
More information:

Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.

For Debian 6 Squeeze, these issues have been fixed in libarchive version 2.8.4.forreal-1+squeeze3