[SECURITY] [DLA 810-1] libarchive security update

2017-01-3107:46:53

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

78.8%

JSON

Package : libarchive
Version : 3.0.4-3+wheezy5+deb7u1
CVE ID : CVE-2017-5601
Debian Bug : #853278

It was discovered that there was a heap buffer overflow in libarchive,
a multi-format archive and compression library.

For Debian 7 "Wheezy", this issue has been fixed in libarchive version
3.0.4-3+wheezy5+deb7u1.

We recommend that you upgrade your libarchive packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian7armellibarchive-dev< 3.0.4-3+wheezy5+deb7u1libarchive-dev_3.0.4-3+wheezy5+deb7u1_armel.deb
Debian7amd64libarchive12< 3.0.4-3+wheezy5+deb7u1libarchive12_3.0.4-3+wheezy5+deb7u1_amd64.deb
Debian7armhfbsdcpio< 3.0.4-3+wheezy5+deb7u1bsdcpio_3.0.4-3+wheezy5+deb7u1_armhf.deb
Debian7amd64bsdtar< 3.0.4-3+wheezy5+deb7u1bsdtar_3.0.4-3+wheezy5+deb7u1_amd64.deb
Debian8amd64libarchive-dev< 3.1.2-11+deb8u4libarchive-dev_3.1.2-11+deb8u4_amd64.deb
Debian8amd64bsdcpio< 3.1.2-11+deb8u4bsdcpio_3.1.2-11+deb8u4_amd64.deb
Debian8armhflibarchive-dev< 3.1.2-11+deb8u4libarchive-dev_3.1.2-11+deb8u4_armhf.deb
Debian8i386bsdtar< 3.1.2-11+deb8u4bsdtar_3.1.2-11+deb8u4_i386.deb
Debian8i386bsdcpio< 3.1.2-11+deb8u4bsdcpio_3.1.2-11+deb8u4_i386.deb
Debian7armhflibarchive-dev< 3.0.4-3+wheezy5+deb7u1libarchive-dev_3.0.4-3+wheezy5+deb7u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	armel	libarchive-dev	< 3.0.4-3+wheezy5+deb7u1	libarchive-dev_3.0.4-3+wheezy5+deb7u1_armel.deb
Debian	7	amd64	libarchive12	< 3.0.4-3+wheezy5+deb7u1	libarchive12_3.0.4-3+wheezy5+deb7u1_amd64.deb
Debian	7	armhf	bsdcpio	< 3.0.4-3+wheezy5+deb7u1	bsdcpio_3.0.4-3+wheezy5+deb7u1_armhf.deb
Debian	7	amd64	bsdtar	< 3.0.4-3+wheezy5+deb7u1	bsdtar_3.0.4-3+wheezy5+deb7u1_amd64.deb
Debian	8	amd64	libarchive-dev	< 3.1.2-11+deb8u4	libarchive-dev_3.1.2-11+deb8u4_amd64.deb
Debian	8	amd64	bsdcpio	< 3.1.2-11+deb8u4	bsdcpio_3.1.2-11+deb8u4_amd64.deb
Debian	8	armhf	libarchive-dev	< 3.1.2-11+deb8u4	libarchive-dev_3.1.2-11+deb8u4_armhf.deb
Debian	8	i386	bsdtar	< 3.1.2-11+deb8u4	bsdtar_3.1.2-11+deb8u4_i386.deb
Debian	8	i386	bsdcpio	< 3.1.2-11+deb8u4	bsdcpio_3.1.2-11+deb8u4_i386.deb
Debian	7	armhf	libarchive-dev	< 3.0.4-3+wheezy5+deb7u1	libarchive-dev_3.0.4-3+wheezy5+deb7u1_armhf.deb