|
|
Log in / Subscribe / Register

Debian-LTS alert DLA-166-1 (libarchive)



From:
    	      Thorsten Alteholz <debian@alteholz.de> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 166-1] libarchive security update 


Date:
    	      Sat, 7 Mar 2015 17:01:51 +0100 (CET)


Message-ID:
    	      <alpine.DEB.2.02.1503071700280.6596@jupiter.server.alteholz.net>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libarchive
Version        : 2.8.4.forreal-1+squeeze3
CVE ID         : not yet assigned
Debian Bug     : 778266

Alexander Cherepanov discovered that bsdcpio, an implementation of the
'cpio' program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJU+yDvXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHOXIQAKtfAic1PnTpNjjpaLJI/Xr1
hXCzh3EAF3qTHuOkn4mVR1VUKUaTIFN2zVfP0wwI2qY1DyquWirYVlFYXU1g2CD7
r+Qmd8fLjXhN4OImLKMUMfioyF4fqWerlolsWpnO/CuKWj2OMambOBGPU+3cNpeg
SpRj52RVwyPN9sJBnmxPZO/9TXSmmW9PEpppYvfjEqvg3oJCe2LYLBRwygicYFBF
7x7IgOLvsK2bdrkkAPUimqgB+OrKaQK6GZ2EH/XzfYVoYXYZEmi4FA0+/AqgTJJi
5qM2H7gaNV2wafyOxvOyXKdAHq6hoBRA8p6E+sIYYPzjv1fVJ+xqHDK65YXIbMOM
qTxKwC9tuNIW+eSOwEZVMvDEMCKS+WWejcNf6RRgxkwunU8SJtC1+6a1oOjvemUQ
VZjRXvGlZzqxZKkM2uCgzS0iGSvIGUpejUjsNzdy6OKAgVixs9u9oIYt2wcY3vWM
ok1Qm2p/CT901B6oUtvH7r7ymIZPU0E2DGMryfnFdga0z2WsDOEqkYTNXnAefcWP
vJjPwSNLtNV0EYVHt/CNOEa/o0UBr4hmeiUIMvs7okO1GZPJ1CW4T/QkW/b6cF//
2ETfjDl5hZv2ZtXOCIAzt/m/YDqIRpckhhOer4LzZbHBf/67/SqlmuozX7v4BMm3
N7tcl60NH9xh7/3vn3vv
=XWzt
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-lts-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/alpine.DEB.2.02.1503071700280.65...
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds