ELA-62-1 libarchive security update

denial-of-service

Packagelibarchive
Version3.0.4-3+wheezy6+deb7u2
Related CVE CVE-2017-14501 CVE-2017-14502 CVE-2017-14503

Several security vulnerabilities were found in libarchive, a multi-format archive and compression library. Heap-based buffer over-reads, NULL pointer dereferences and out-of-bounds reads allow remote attackers to cause a denial-of-service (application crash) via specially crafted archive files.

For Debian 7 Wheezy, these problems have been fixed in version 3.0.4-3+wheezy6+deb7u2.

We recommend that you upgrade your libarchive packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/