|
|
Log in / Subscribe / Register

Debian alert DLA-1092-1 (libarchive)



From:
    	      Chris Lamb <lamby@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 1092-1] libarchive security update 


Date:
    	      Fri, 08 Sep 2017 10:00:00 +0100


Message-ID:
    	      <1504861200.1858937.1099340600.599A2E72@webmail.messagingengine.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libarchive
Version        : 3.0.4-3+wheezy6+deb7u1
CVE ID         : CVE-2017-14166
Debian Bug     : #874539

It was discovered that there was a denial of service vulnerability in the
libarchive multi-format compression library. A specially-crafted .xar
archive could cause via a heap-based buffer over-read.

For Debian 7 "Wheezy", this issue has been fixed in libarchive version
3.0.4-3+wheezy6+deb7u1.

We recommend that you upgrade your libarchive packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmyWMwACgkQHpU+J9Qx
HlhOSRAAsW4o57oFUDEvJpZ50/cMKeQ6xXvwYbja64UIjzvtjna/cvQn2a8868c9
wHF4YueClL88YdCESolsKG+vh/DM+dqZGdiU5RsOvqa2wVpMo671NkIA7KIbRlvM
fa6RSOMYX0PKPnxBjjhuFj5QX65m3SdGEAlBb3vYdPgVdrZunfm0nSy8k8tpqRxB
DAO8PnI8/2mooaPzvF6O9ZkGfnC7toxPc9gVE4A3JpnK7olPSVKOsVSuMBF+9qk2
CHXlRTEF1Xe0Hu3pybYZMEMV8cJTGG04m9wDEV5qL96ui68yE1KBZF5M8Q0i0XxI
5qTDrPQ4Ez8WDxJN11R1WZ7j7rzCbfLYJW2iCLerCtCUhTF7kHC6av8QaNCTUvNL
FLzVTEzHUzs9eAkYC3RgS3asQDfx0JFKhtosVczjoR1RvK81L6AmCtStLnP/bF5j
IVPvc/zPbuCzOLqCAGmRY5LNNVl+JFsnsU9di8N3/hcIMiYF5NwlvDOtu8CEE2A0
yVUzaan1LKJodx2U3Mc8j9cXS7E5ElXhIZT0cTxNmu7PAstcuBGGB6vdKGB8g9vY
ibKB7SSFk644OM41BUE+M9bSEnmuFUF6DXG7VUstma0YK05mBEfP8kyVCF90w5Th
EqzSPi1Bp5StxHDVSIAvi0cXQV6T4rMW28AVCjLIwIcNVUkZ1uQ=
=zqko
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds