Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Debian: DLA-1006-1 Critical: Libarchive Denial Of Service

debian lts
Calendar Grey June 30, 2017
Dist Debian Esm H88
Numerous DoS vulnerabilities within libarchive have been patched in the latest Debian LTS update. Ensure your system is upgraded promptly for improved security measures.
Multiple denial of services vulnerabilities have been identified in libarchive when manipulating specially crafted archives
Topics%20covered

Topics Covered

security advisory denial of service critical debian libarchive

Summary

NULL pointer dereference and application crash in the
archive_wstring_append_from_mbs() function.

CVE-2016-10349

Heap-based buffer over-read and application crash in the
archive_le32dec() function.

CVE-2016-10350

Heap-based buffer over-read and application crash in the
archive_read_format_cab_read_header() function.

For Debian 7 "Wheezy", these problems have been fixed in version
3.0.4-3+wheezy6.

We recommend that you upgrade your libarchive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/lts/debian/
Learn to master Debian: https://debian-handbook.info/get/


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: libarchive
Version: 3.0.4-3+wheezy6
CVE ID: CVE-2016-10209 CVE-2016-10349 CVE-2016-10350
Debian Bug: 859456 861609

Topics%20covered

Topics Covered

security advisory denial of service critical debian libarchive

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here