ELA-82-1 libarchive security update

Denial of service vulnerabilities

Related CVE CVE-2019-1000019 CVE-2019-1000020

Two vulnerabilities were discovered and corrected in the libarchive multi-format compression library, first fixing an issue where a specially-crafted .z7ip file could cause a denial-of-service attack via a crash (CVE-2019-1000019) in addition to an endless-loop vulnerability where a malicious ISO9660 image could cause an infinite loop (CVE-2019-1000020).

For Debian 7 Wheezy, these problems have been fixed in version 3.0.4-3+wheezy6+deb7u3.

We recommend that you upgrade your libarchive packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/