Security Information / 2016 / Security Information -- DSA-3657-1 libarchive

Debian Security Advisory

DSA-3657-1 libarchive -- security update

Date Reported:

30 Aug 2016

Affected Packages:

libarchive

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934, CVE-2016-4300, CVE-2016-4302, CVE-2016-4809, CVE-2016-5844.

More information:

Hanno Boeck and Marcin Noga discovered multiple vulnerabilities in libarchive; processing malformed archives may result in denial of service or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in version 3.1.2-11+deb8u2.

For the testing distribution (stretch), these problems have been fixed in version 3.2.1-1.

For the unstable distribution (sid), these problems have been fixed in version 3.2.1-1.

We recommend that you upgrade your libarchive packages.