[SECURITY] [DLA 1971-1] libarchive security update

2019-10-2621:27:40

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

84.7%

JSON

Package : libarchive
Version : 3.1.2-11+deb8u8
CVE ID : CVE-2019-18408

An issue has been found in libarchive, a multi-format archive and
compression library.

In case of a crafted archive containing several parts and one part being
corrupt, there would be an use-after-free for the next part of the
archive.

For Debian 8 "Jessie", this problem has been fixed in version
3.1.2-11+deb8u8.

We recommend that you upgrade your libarchive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9ppc64ellibarchive-tools< 3.2.2-2+deb9u2libarchive-tools_3.2.2-2+deb9u2_ppc64el.deb
Debian10armellibarchive-tools< 3.3.3-4+deb10u1libarchive-tools_3.3.3-4+deb10u1_armel.deb
Debian10mips64ellibarchive-tools-dbgsym< 3.3.3-4+deb10u1libarchive-tools-dbgsym_3.3.3-4+deb10u1_mips64el.deb
Debian9mipslibarchive13-dbgsym< 3.2.2-2+deb9u2libarchive13-dbgsym_3.2.2-2+deb9u2_mips.deb
Debian8amd64libarchive-dev< 3.1.2-11+deb8u8libarchive-dev_3.1.2-11+deb8u8_amd64.deb
Debian9armellibarchive-dev< 3.2.2-2+deb9u2libarchive-dev_3.2.2-2+deb9u2_armel.deb
Debian9amd64libarchive-tools-dbgsym< 3.2.2-2+deb9u2libarchive-tools-dbgsym_3.2.2-2+deb9u2_amd64.deb
Debian10arm64libarchive13-dbgsym< 3.3.3-4+deb10u1libarchive13-dbgsym_3.3.3-4+deb10u1_arm64.deb
Debian9ppc64ellibarchive-tools-dbgsym< 3.2.2-2+deb9u2libarchive-tools-dbgsym_3.2.2-2+deb9u2_ppc64el.deb
Debian10i386libarchive13< 3.3.3-4+deb10u1libarchive13_3.3.3-4+deb10u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	ppc64el	libarchive-tools	< 3.2.2-2+deb9u2	libarchive-tools_3.2.2-2+deb9u2_ppc64el.deb
Debian	10	armel	libarchive-tools	< 3.3.3-4+deb10u1	libarchive-tools_3.3.3-4+deb10u1_armel.deb
Debian	10	mips64el	libarchive-tools-dbgsym	< 3.3.3-4+deb10u1	libarchive-tools-dbgsym_3.3.3-4+deb10u1_mips64el.deb
Debian	9	mips	libarchive13-dbgsym	< 3.2.2-2+deb9u2	libarchive13-dbgsym_3.2.2-2+deb9u2_mips.deb
Debian	8	amd64	libarchive-dev	< 3.1.2-11+deb8u8	libarchive-dev_3.1.2-11+deb8u8_amd64.deb
Debian	9	armel	libarchive-dev	< 3.2.2-2+deb9u2	libarchive-dev_3.2.2-2+deb9u2_armel.deb
Debian	9	amd64	libarchive-tools-dbgsym	< 3.2.2-2+deb9u2	libarchive-tools-dbgsym_3.2.2-2+deb9u2_amd64.deb
Debian	10	arm64	libarchive13-dbgsym	< 3.3.3-4+deb10u1	libarchive13-dbgsym_3.3.3-4+deb10u1_arm64.deb
Debian	9	ppc64el	libarchive-tools-dbgsym	< 3.2.2-2+deb9u2	libarchive-tools-dbgsym_3.2.2-2+deb9u2_ppc64el.deb
Debian	10	i386	libarchive13	< 3.3.3-4+deb10u1	libarchive13_3.3.3-4+deb10u1_i386.deb