Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3180-1] libarchive security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3180-1] libarchive security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Alessandro Ghedini <ghedo AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3180-1] libarchive security update
  • Date: Thu, 5 Mar 2015 21:57:39 +0100
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <jmm AT inutil.org>
  • Priority: urgent
  • Resent-date: Thu, 5 Mar 2015 20:57:58 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <-4yNfe1FwBP.A.n0F.WNM-UB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3180-1 security AT debian.org
http://www.debian.org/security/ Alessandro Ghedini
March 05, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libarchive
CVE ID : no yet available
Debian Bug : 778266

Alexander Cherepanov discovered that bsdcpio, an implementation of the
'cpio' program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.

For the stable distribution (wheezy), this problem has been fixed in
version 3.0.4-3+wheezy1.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 3.1.2-11.

For the unstable distribution (sid), this problem has been fixed in
version 3.1.2-11.

We recommend that you upgrade your libarchive packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU+MLMAAoJEBDCk7bDfE42Z3wP/RcDQklhuyOun2ieeJjg1Fl9
mWN+mzCjy66ClR5IJijiqSVRgRBlSZ3RiTaXWmSAdkyU9Fsn5pDP/G0S8v6tsLbk
9cik8OoZxHY6F6AuAWiTHTxNci1xZeK5/hCOFCbVykN8t3Hte/vyAr+zdyKD+D5C
NKQXNRPWFqSawUYPm5t58F9TGD7SJy9oSBdcvZHmXWm6VVsHgg22UaV5GUwqPnEU
3wB/5//j6HZfRnz88R8hWhOrTKDURN+8y2fPFjv7a6zPlRw7nr2uf+BzIQZkWIso
DGr+BY2Gmgla3NN8pu16vI/6kdDC27ISOdqo49EHBzyPDN0kglJl8tT66tMCD9rs
9vbaETkI1bd7WbJUw/ViwF0c+14enVtffnRAjbxKfsUnoRkNf6Y2LI7RcNJ2fnCG
bCYrMeCLBqeW/zSfq+wXH6yQcb0o7dGxOhu0Cxc+h7CwERJMP+W8cXwb5WoN9KCk
o3bv3JWnl/dYhGtHUFLO3T+Vtmpi9Lfr2c9kdho5QHYVB44yb/0p9mSlYR2igtMb
o/nW+J6Ae98+rctFA0S5QN9VaMHTKQN35+9gIKCE0lNJ+jN0Kk5rNZjg5kTW8pmK
fnlD2SxO7xQiJP3+6j+WGHAbOtO6Tq1/t91ELtexQel/6i6dj1vvOWN1sxzvz8BW
aKHZMQ1DAnW5DW80HBW+
=k/du
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: https://lists.debian.org/20150305205739.GA11978 AT pisco.westfalen.local



  • [IT-SecNots] [SECURITY] [DSA 3180-1] libarchive security update, Alessandro Ghedini, 05.03.2015

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang