lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20150305205739.GA11978@pisco.westfalen.local>
Date: Thu, 5 Mar 2015 21:57:39 +0100
From: Alessandro Ghedini <ghedo@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3180-1] libarchive security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3180-1                   security@...ian.org
http://www.debian.org/security/                        Alessandro Ghedini
March 05, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libarchive
CVE ID         : no yet available
Debian Bug     : 778266

Alexander Cherepanov discovered that bsdcpio, an implementation of the
'cpio' program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.

For the stable distribution (wheezy), this problem has been fixed in
version 3.0.4-3+wheezy1.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 3.1.2-11.

For the unstable distribution (sid), this problem has been fixed in
version 3.1.2-11.

We recommend that you upgrade your libarchive packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU+MLMAAoJEBDCk7bDfE42Z3wP/RcDQklhuyOun2ieeJjg1Fl9
mWN+mzCjy66ClR5IJijiqSVRgRBlSZ3RiTaXWmSAdkyU9Fsn5pDP/G0S8v6tsLbk
9cik8OoZxHY6F6AuAWiTHTxNci1xZeK5/hCOFCbVykN8t3Hte/vyAr+zdyKD+D5C
NKQXNRPWFqSawUYPm5t58F9TGD7SJy9oSBdcvZHmXWm6VVsHgg22UaV5GUwqPnEU
3wB/5//j6HZfRnz88R8hWhOrTKDURN+8y2fPFjv7a6zPlRw7nr2uf+BzIQZkWIso
DGr+BY2Gmgla3NN8pu16vI/6kdDC27ISOdqo49EHBzyPDN0kglJl8tT66tMCD9rs
9vbaETkI1bd7WbJUw/ViwF0c+14enVtffnRAjbxKfsUnoRkNf6Y2LI7RcNJ2fnCG
bCYrMeCLBqeW/zSfq+wXH6yQcb0o7dGxOhu0Cxc+h7CwERJMP+W8cXwb5WoN9KCk
o3bv3JWnl/dYhGtHUFLO3T+Vtmpi9Lfr2c9kdho5QHYVB44yb/0p9mSlYR2igtMb
o/nW+J6Ae98+rctFA0S5QN9VaMHTKQN35+9gIKCE0lNJ+jN0Kk5rNZjg5kTW8pmK
fnlD2SxO7xQiJP3+6j+WGHAbOtO6Tq1/t91ELtexQel/6i6dj1vvOWN1sxzvz8BW
aKHZMQ1DAnW5DW80HBW+
=k/du
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ