ELA-184-1 libarchive security update

use after free

2019-10-27
Packagelibarchive
Version3.0.4-3+wheezy6+deb7u4
Related CVE CVE-2019-18408

An issue has been found in libarchive, a multi-format archive and compression library.

In case of a crafted archive containing several parts and one part being corrupt, there would be an use-after-free for the next part of the archive.

For Debian 7 Wheezy, these problems have been fixed in version 3.0.4-3+wheezy6+deb7u4.

We recommend that you upgrade your libarchive packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/