lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1b0Bu6-0005eB-Q7@master.debian.org>
Date: Tue, 10 May 2016 17:57:06 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3574-1] libarchive security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3574-1                   security@...ian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 10, 2016                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libarchive
CVE ID         : CVE-2016-1541
Debian Bug     : 823893

Rock Stevens, Andrew Ruef and Marcin 'Icewall' Noga discovered a
heap-based buffer overflow vulnerability in the zip_read_mac_metadata
function in libarchive, a multi-format archive and compression library,
which may lead to the execution of arbitrary code if a user or automated
system is tricked into processing a specially crafted ZIP file.

For the stable distribution (jessie), this problem has been fixed in
version 3.1.2-11+deb8u1.

We recommend that you upgrade your libarchive packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXMh7bAAoJEAVMuPMTQ89EpTIP/0NKCwRC0sXwanP4JRS6Bhbn
FByC7rQ7RbLuypcE4W1rojKDsLjqIUIk1pn2ZkVt/FxqkIX+ybQSWm4z8mfO5naS
nZhEJia22G2vqJ0d/PWsBaHr3oZCk+z6XNOLNgyZPldF630TIabkL0/8d2DAQcKC
faokVokCa3vw8Dzd37FQf8DrMeOmak6AIXC69yabGvXs6nYxDDuSiktPekdKidfP
IG9jd9+3cyYVGONIOH1KobnSa7kFy0qy68TwAxYTe8oqATh13pX3WK2yO1ZN36XW
pSd7nZbCcDNjLHTC7Jinbvy55eLXMpV5Hu0QGoOky3ynbFrQXNNoq4YH2+QCGntw
EidYcz0f7xN3vDJdufBj2NJhAE9YaBM709C22t5JJPTsr0gX3X0eMSnsmePwGOB/
xEBuFl46NPrk4ikhtHb3zjAHPbWbYtOqkbqI5L8P/dMElQFA2tQg3UMZX2bg8dzO
ZkLlOQ+BDnLHE3s6pmPv6quyWqYGCT1Z19f3CRIzRnAtiKbFyUJ5QKQPS05EBQ1V
4uV5DdoM0tW2K8oNQfV2LiBx8xUW1ItmmStWTWbs6TJkL22rfF7pxMTVHnvJFvmb
7Uzun6stgkQCoEE+2IzcwG2/aQh+F8uja+ylRwUSHz2Fu4jNevowsOz6wy7LaaPz
5NmzDuq97YhbP+BRgH9P
=yR7s
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ