[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1b0Bu6-0005eB-Q7@master.debian.org>
Date: Tue, 10 May 2016 17:57:06 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3574-1] libarchive security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3574-1 security@...ian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 10, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libarchive
CVE ID : CVE-2016-1541
Debian Bug : 823893
Rock Stevens, Andrew Ruef and Marcin 'Icewall' Noga discovered a
heap-based buffer overflow vulnerability in the zip_read_mac_metadata
function in libarchive, a multi-format archive and compression library,
which may lead to the execution of arbitrary code if a user or automated
system is tricked into processing a specially crafted ZIP file.
For the stable distribution (jessie), this problem has been fixed in
version 3.1.2-11+deb8u1.
We recommend that you upgrade your libarchive packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXMh7bAAoJEAVMuPMTQ89EpTIP/0NKCwRC0sXwanP4JRS6Bhbn
FByC7rQ7RbLuypcE4W1rojKDsLjqIUIk1pn2ZkVt/FxqkIX+ybQSWm4z8mfO5naS
nZhEJia22G2vqJ0d/PWsBaHr3oZCk+z6XNOLNgyZPldF630TIabkL0/8d2DAQcKC
faokVokCa3vw8Dzd37FQf8DrMeOmak6AIXC69yabGvXs6nYxDDuSiktPekdKidfP
IG9jd9+3cyYVGONIOH1KobnSa7kFy0qy68TwAxYTe8oqATh13pX3WK2yO1ZN36XW
pSd7nZbCcDNjLHTC7Jinbvy55eLXMpV5Hu0QGoOky3ynbFrQXNNoq4YH2+QCGntw
EidYcz0f7xN3vDJdufBj2NJhAE9YaBM709C22t5JJPTsr0gX3X0eMSnsmePwGOB/
xEBuFl46NPrk4ikhtHb3zjAHPbWbYtOqkbqI5L8P/dMElQFA2tQg3UMZX2bg8dzO
ZkLlOQ+BDnLHE3s6pmPv6quyWqYGCT1Z19f3CRIzRnAtiKbFyUJ5QKQPS05EBQ1V
4uV5DdoM0tW2K8oNQfV2LiBx8xUW1ItmmStWTWbs6TJkL22rfF7pxMTVHnvJFvmb
7Uzun6stgkQCoEE+2IzcwG2/aQh+F8uja+ylRwUSHz2Fu4jNevowsOz6wy7LaaPz
5NmzDuq97YhbP+BRgH9P
=yR7s
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists