it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5706-1] libarchive security update
- Date: Wed, 05 Jun 2024 20:35:59 +0000
- List-archive: https://lists.debian.org/msgid-search/E1sExMV-0087xb-JF AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=O4b0oOg0IoHGQ3s9AhxZSRoAnx6h8T/6LuCwhM57g5I=; b=nf J5sSyHDR3D6zL6rkjYA7UHzbWXrcEAOnvn4H9ODqiCax5ouN83xKIkiAyF2Af7ngBXSNfUB67HzkR 44xaIYea5rl09HvxNW7h45NuNtxNAI6zBOnfrIyTWPstMwfxBONK1jPaXjxATzs11b4IFmyWqMkNQ X+iWfJdfxYxIRPQIRMViuO0YOUcnZjGjW3A1M2L9JvDq42eEmfLcq4LkohJ7mfFKjRrQYWhy5g882 6+KdzN2x0WN+6YJ8uTDFnlH1/ETTQeOeIOHtZiw8sDRD9Uh49eoWz3Swiz8bGPhOHnIgL2iV8jgkv qARwpjIqrqfeWvB9JyRBHZsjsjBZ5/Jg==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 5 Jun 2024 20:36:18 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <j0r_ZakSQHL.A.TxwM.CxMYmB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5706-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libarchive
CVE ID : CVE-2024-26256
Debian Bug : 1072107
An integer overflow vulnerability in the rar e8 filter was discovered in
libarchive, a multi-format archive and compression library, which may
result in the execution of arbitrary code if a specially crafted RAR
archive is processed.
For the stable distribution (bookworm), this problem has been fixed in
version 3.6.2-1+deb12u1.
We recommend that you upgrade your libarchive packages.
For the detailed security status of libarchive please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libarchive
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZgy+pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0ScPRAAi2HFosqr3NeyDgV7gT3bTjKrq5EwrG9HIYS0e21KPfLteXxcsDjNkfzN
nhSY0CoEL29/vyQpON+ht1En7utYtiLrSgDcjak4E26mBcMy2haL3hqMuGQiJTGk
clBUQ4iHFU1SL6+KoNEgpNPIDBgDtbVDTNJUz66IUTl/QTjPvTsbUkSdSuXAvN9C
9k5AEkSq4CIYl5UAQk4yJZ1MrU6pWdqPt6cpWULyaI5bIkC+fKdJ5T+2ElTnCT9V
M/lkdePtI3V9iwj0vjEpelhmUlojjRUbbyuH+tDiCMUFj+GZueVvdZX1UuO4Je29
vcNZ4VU6YvxU5gsgnQb09KnZd5EFGnqGNBnaEq+EEzW3Q4p2non4q6PUj8H0qzgN
DMz8fxXuwdIh/8bVkmRNVQPJFurfLp5aU4ECQ4NROk3rg/sotyAjgQb6QeP2tcax
H0sKfgDc+SgcFgbUrGZ3CLanWiv19x7Oggt/I4DX/16GFSq3Z8xMzNlZOIotyr2T
bKrIaPxwDrDyk8Qs2f6aPKOHZgiAIEOicpu3FP9Dr+oU9K/a8N2oDuz5Vwt4XOof
N25GGZdhTTZtQ4uHBgEx1pmsWhpycdFSPUVHXW3pGoMNgIkOKau/oid73v224koB
Xe2eWygGE9Tnk9EDL9FtqYRbq+zTJGElcF7URbVRrxR5MVE8Ejs=
=BFbJ
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5706-1] libarchive security update, Salvatore Bonaccorso, 05.06.2024
Archiv bereitgestellt durch MHonArc 2.6.19+.