ELA-62-1 libarchive security update

denial-of-service

2018-11-30
Packagelibarchive
Version3.0.4-3+wheezy6+deb7u2
Related CVEs CVE-2017-14501 CVE-2017-14502 CVE-2017-14503


Several security vulnerabilities were found in libarchive, a multi-format archive and compression library. Heap-based buffer over-reads, NULL pointer dereferences and out-of-bounds reads allow remote attackers to cause a denial-of-service (application crash) via specially crafted archive files.



For Debian 7 Wheezy, these problems have been fixed in version 3.0.4-3+wheezy6+deb7u2.

We recommend that you upgrade your libarchive packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.