|
|
Subscribe / Log in / New account

Debian alert DLA-1971-1 (libarchive)



From:
              Thorsten Alteholz <debian@alteholz.de> 


To:
              debian-lts-announce@lists.debian.org 


Subject:
              [SECURITY] [DLA 1971-1] libarchive security update 


Date:
              Sat, 26 Oct 2019 23:27:40 +0200 (CEST)


Message-ID:
              <alpine.DEB.2.20.1910262324130.13905@jupiter.server.alteholz.net>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libarchive
Version        : 3.1.2-11+deb8u8
CVE ID         : CVE-2019-18408


An issue has been found in libarchive, a multi-format archive and 
compression library.

In case of a crafted archive containing several parts and one part being 
corrupt, there would be an use-after-free for the next part of the 
archive.


For Debian 8 "Jessie", this problem has been fixed in version
3.1.2-11+deb8u8.

We recommend that you upgrade your libarchive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl20ukxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfEXQ//Y07q5RXJ+l95uFa/VsvW4JewMsEZ/WiMDxQRzhCcqhWyG5+6uNNAQ7M9
OqJiu20TOazwdYDGHiRXxr7VbBLGrMAFCT42jdoANvsJujvejqSP6wHnk3F5Ztu8
jZ3XclE8wSnDPHMZLbuJeUbFArgLAlf8OmhsxogAx6t/tKM+mp3wF9cj8m+iUpaq
zZPq4hom9Md7KyQfQQwbP9UmejqeyyDLzDw7v42Ha4M8T1a4tU603H/wm7HzQn2F
4TQ0sUsxN1tizGvpgvbOjZ+blbrDBXQspksI40WZtGbYGpblr1+x/nL2k7gHUJ0P
Jy8zYsD9W+kEw1Hcs8P8nvLSDBFDsjagi6BPcOzucacW0P80bJyG2Hsd7DQbqOA8
qQ/OJ+DHTRphlswZD29Ta8hSPWC6FasxrXf5LIxNfK40vE5+bIExPHrbHYU2Uza0
VCGSDMRAVMLOmrVWz0ykmwH7+VhIf0vM5NSvvg9X78EVjvAJu0cm38Z5mTDYXbZX
tBq9UcrjGCH3ARCy36kPudqFlwDIm5wwZSa6nDraw5LiZAh28/BtaYY+bvSR/eRi
0tLdITl9BUGVma3A2VZjQnHhFIRPNWIZgdVXqwjG7MzI7VzC3wVmNhr4Zu2JXwvq
P8KtFhwK1UgObbYdCfsWCmiVkIEN3jwNFGQYRkzYuTQ2NlTQXvo=
=rjtC
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds