it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5806-1] libarchive security update
- Date: Sat, 09 Nov 2024 08:49:39 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1t9hA3-00GbCU-0B AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=Mw/nYSQjjMFHyqB1jgXAJ9sqLnF3VH1tq78bJjm63Zk=; b=fs KqUGosgapJVgoqEcqGvBnDqMJ9sOHNVBWBzn1Cl0XxVDUdt/jIg8bC+NT7CwTrz5jBreGb+1HHCGh wNKMEYlQZ9SZ2SbISGfyvXRmbbZpXfa3Dlc/j2KMxYhDLqOIJYQMJro/fJBHDWV9Gi/jqHplYJyzP LG7ArGkxcHxmiWyGauRzsmp9yP6Bm93rnL61Unp/REemHDJAjruF2c4iCh94fC+DuYJZVfblCd26U 5ZB5NbG08CaoJgQ0k9aV8sO3Ud3+t/ziX7IM07ppVjbHcOqcaLF+UDzvRMxCZ70HmcZX42VjYqy2L g9vBDo4TzvINCxxNic/6rbZdtoURsfkQ==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Sat, 9 Nov 2024 08:49:58 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <35uHPExIXuC.A.H_kC.2IyLnB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5806-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 09, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libarchive
CVE ID : CVE-2024-20696
Debian Bug : 1086155
A heap-based out-of-bounds write vulnerability was discovered in
libarchive, a multi-format archive and compression library, which may
result in the execution of arbitrary code if a specially crafted RAR
archive is processed.
For the stable distribution (bookworm), this problem has been fixed in
version 3.6.2-1+deb12u2.
We recommend that you upgrade your libarchive packages.
For the detailed security status of libarchive please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libarchive
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmcvIfhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q7lg/8Dq0QdIkhu9rjq/M6C3m87PYV9MUtp23uZASKIgN95uTMLMYT4AON0o6F
ZyUB8MZcwTsTabt8LdvgxyXBzGBq1TMKqeB44n2LjjI5cn3OZftQnvNQmqmuiJhS
Uvk2NyjOZ9TEpfwwGhlwcrFL3YFQxTIrWMbuIacxZRcCrnxTphXL4KxbS2+/gkn3
nDG5GrYK0CI20PSOsbKz8nQJqMBuCpWGKU61mcDxivdP3nYQSfzexvhMPhKyuK+F
CGWbyMbR70FnC3UmyNTVvSi70H28QHgJ8LSooLaZl9hLnHVdAPt0jRGeYR25JV6G
PL4Hx1fq42W/nB+mzyb2Lv/rDf8fQUsVvyoLujhxz6dDJtYr8l0Oy3l4Y8YP4sII
WDYP26glQjggcS3uAACiZe2y6B0EOKuaOj64ZEDgZeTeMcCIyAU6SWZmE9vv4r3Q
rFA/jtsSmQLZQu3Ry2wrPpbwwDxSDXeAMR9970MxTJgpnltJx2kO6urk8d1SNlNU
jkiwdTLA1caGh0HbrwlE+d/OUYIiOLZkBmIi815imbP83imk2yrl/yJIBBObDd19
2ah66BUFp4UBD28XY3R7bGQN/OpMFcGe3Kw2nVt8rsIA/ku3XWJE60611NFElTZl
0QIa1j3dHzgjjYFWYVPlLHUD6XV2p0AXl+sQteToqx66e1sj9eM=
=2Rv1
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5806-1] libarchive security update, Salvatore Bonaccorso, 09.11.2024
Archiv bereitgestellt durch MHonArc 2.6.19+.