[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3180-1] libarchive security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3180-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
March 05, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libarchive
CVE ID         : no yet available
Debian Bug     : 778266

Alexander Cherepanov discovered that bsdcpio, an implementation of the
'cpio' program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.

For the stable distribution (wheezy), this problem has been fixed in
version 3.0.4-3+wheezy1.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 3.1.2-11.

For the unstable distribution (sid), this problem has been fixed in
version 3.1.2-11.

We recommend that you upgrade your libarchive packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU+MLMAAoJEBDCk7bDfE42Z3wP/RcDQklhuyOun2ieeJjg1Fl9
mWN+mzCjy66ClR5IJijiqSVRgRBlSZ3RiTaXWmSAdkyU9Fsn5pDP/G0S8v6tsLbk
9cik8OoZxHY6F6AuAWiTHTxNci1xZeK5/hCOFCbVykN8t3Hte/vyAr+zdyKD+D5C
NKQXNRPWFqSawUYPm5t58F9TGD7SJy9oSBdcvZHmXWm6VVsHgg22UaV5GUwqPnEU
3wB/5//j6HZfRnz88R8hWhOrTKDURN+8y2fPFjv7a6zPlRw7nr2uf+BzIQZkWIso
DGr+BY2Gmgla3NN8pu16vI/6kdDC27ISOdqo49EHBzyPDN0kglJl8tT66tMCD9rs
9vbaETkI1bd7WbJUw/ViwF0c+14enVtffnRAjbxKfsUnoRkNf6Y2LI7RcNJ2fnCG
bCYrMeCLBqeW/zSfq+wXH6yQcb0o7dGxOhu0Cxc+h7CwERJMP+W8cXwb5WoN9KCk
o3bv3JWnl/dYhGtHUFLO3T+Vtmpi9Lfr2c9kdho5QHYVB44yb/0p9mSlYR2igtMb
o/nW+J6Ae98+rctFA0S5QN9VaMHTKQN35+9gIKCE0lNJ+jN0Kk5rNZjg5kTW8pmK
fnlD2SxO7xQiJP3+6j+WGHAbOtO6Tq1/t91ELtexQel/6i6dj1vvOWN1sxzvz8BW
aKHZMQ1DAnW5DW80HBW+
=k/du
-----END PGP SIGNATURE-----


Reply to: