ELA-62-1 libarchive security update


Related CVEs CVE-2017-14501 CVE-2017-14502 CVE-2017-14503

Several security vulnerabilities were found in libarchive, a multi-format archive and compression library. Heap-based buffer over-reads, NULL pointer dereferences and out-of-bounds reads allow remote attackers to cause a denial-of-service (application crash) via specially crafted archive files.

For Debian 7 Wheezy, these problems have been fixed in version 3.0.4-3+wheezy6+deb7u2.

We recommend that you upgrade your libarchive packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.