[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20150305205739.GA11978@pisco.westfalen.local>
Date: Thu, 5 Mar 2015 21:57:39 +0100
From: Alessandro Ghedini <ghedo@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3180-1] libarchive security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3180-1 security@...ian.org
http://www.debian.org/security/ Alessandro Ghedini
March 05, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libarchive
CVE ID : no yet available
Debian Bug : 778266
Alexander Cherepanov discovered that bsdcpio, an implementation of the
'cpio' program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.
For the stable distribution (wheezy), this problem has been fixed in
version 3.0.4-3+wheezy1.
For the upcoming stable distribution (jessie), this problem has been
fixed in version 3.1.2-11.
For the unstable distribution (sid), this problem has been fixed in
version 3.1.2-11.
We recommend that you upgrade your libarchive packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJU+MLMAAoJEBDCk7bDfE42Z3wP/RcDQklhuyOun2ieeJjg1Fl9
mWN+mzCjy66ClR5IJijiqSVRgRBlSZ3RiTaXWmSAdkyU9Fsn5pDP/G0S8v6tsLbk
9cik8OoZxHY6F6AuAWiTHTxNci1xZeK5/hCOFCbVykN8t3Hte/vyAr+zdyKD+D5C
NKQXNRPWFqSawUYPm5t58F9TGD7SJy9oSBdcvZHmXWm6VVsHgg22UaV5GUwqPnEU
3wB/5//j6HZfRnz88R8hWhOrTKDURN+8y2fPFjv7a6zPlRw7nr2uf+BzIQZkWIso
DGr+BY2Gmgla3NN8pu16vI/6kdDC27ISOdqo49EHBzyPDN0kglJl8tT66tMCD9rs
9vbaETkI1bd7WbJUw/ViwF0c+14enVtffnRAjbxKfsUnoRkNf6Y2LI7RcNJ2fnCG
bCYrMeCLBqeW/zSfq+wXH6yQcb0o7dGxOhu0Cxc+h7CwERJMP+W8cXwb5WoN9KCk
o3bv3JWnl/dYhGtHUFLO3T+Vtmpi9Lfr2c9kdho5QHYVB44yb/0p9mSlYR2igtMb
o/nW+J6Ae98+rctFA0S5QN9VaMHTKQN35+9gIKCE0lNJ+jN0Kk5rNZjg5kTW8pmK
fnlD2SxO7xQiJP3+6j+WGHAbOtO6Tq1/t91ELtexQel/6i6dj1vvOWN1sxzvz8BW
aKHZMQ1DAnW5DW80HBW+
=k/du
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists