[Secure-testing-team] Bug#853278: libarchive: CVE-2017-5601
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 31 05:51:53 UTC 2017
Source: libarchive
Version: 3.2.1-5
Severity: grave
Tags: upstream security patch
Justification: user security hole

Hi,

the following vulnerability was published for libarchive.

CVE-2017-5601[0]:
| An error in the lha_read_file_header_1() function
| (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
| attackers to trigger an out-of-bounds read memory access and
| subsequently cause a crash via a specially crafted archive.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Once fixed for sid, can you please ask for an unblock so we have the
fix for the upcoming stable release stretch as well?

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5601

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore