[SECURITY] [DSA 4685-1] apt security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 4685-1] apt security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 14 May 2020 04:09:30 +0000
Message-id: <[🔎] E1jZ5Ba-0004QS-R7@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4685-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 14, 2020                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apt
CVE ID         : CVE-2020-3810

Shuaibing Lu discovered that missing input validation in the ar/tar
implementations of APT, the high level package manager, could result in
denial of service when processing specially crafted deb files.

For the oldstable distribution (stretch), this problem has been fixed
in version 1.4.10.

For the stable distribution (buster), this problem has been fixed in
version 1.8.2.1.

We recommend that you upgrade your apt packages.

For the detailed security status of apt please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/apt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl68wmxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0ShoRAAkd9F6owCj7megYVSKGBY5IKRMtLaUeDt/Akly8n24SGdyOAwD+/7g6Id
dWXhF/YENBFieMObDGHJnL7P5yPCuBfU7MQG/hzfYtx8MBgPIsM3dqNjvSadLPAv
/Qe/t01cOSGg06ymN94lALOK4IbpDlh99fi3lplC/ZMCk51Ru+6AT5V212goLTwT
EWEwpzig1NFdLZiaE2yoeezI05zuhg7/hIC2ligbTIZvp0jeqHR9sJQYqu8QAC47
NJhUZ2Ll8t2yw3L6DCrKryYfSxn5Sn52en1HziMr/9IDZkhJZEM8gO9J73IW0XTJ
lF7mFGnjb5QOXIEtkfWFHlBLsms1rayYZ+0N7mUzl47flvqVZeveetuCr9K8bsTa
mW5/pZ+IctRP7jGkPJhzjCQzF8yknUZH1kkR4v+DTTe9Jzi7P0fmkuEKJykI1sA2
tMT9Ti4aqs4Q6YSDoQdtTZBTw4fYJKFW12Q/3ZeOSlZ1d9/EXmlFkkGS3RzI1dmD
Z3jSYNVvIN5RhFxZ8AFpVyQQyl91PgxnFWThTRvVdJJAhSHQ+gJRgHUvcSkSt/s9
DlI+53t3X2m8dUNiNkpKsUsVu1e5qAAPM5540vGHjeBvUcc9BN/cvJeeaL46c0j8
BYXzAQujqcT7+mRVMkYfVRALYb/g/Vns23QSgFoCnBReuirE+x4=
=k9r8
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 4684-1] libreswan security update
Next by Date: [SECURITY] [DSA 4686-1] apache-log4j1.2 security update
Previous by thread: [SECURITY] [DSA 4684-1] libreswan security update
Next by thread: [SECURITY] [DSA 4686-1] apache-log4j1.2 security update
Index(es):
- Date
- Thread