drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in libarchive
Name: |
Überschreiben von Dateien in libarchive |
|
ID: |
DSA-3180-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy |
|
Datum: |
Do, 5. März 2015, 22:29 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
libarchive |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3180-1 security@debian.org http://www.debian.org/security/ Alessandro Ghedini March 05, 2015 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libarchive CVE ID : no yet available Debian Bug : 778266
Alexander Cherepanov discovered that bsdcpio, an implementation of the 'cpio' program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.
For the stable distribution (wheezy), this problem has been fixed in version 3.0.4-3+wheezy1.
For the upcoming stable distribution (jessie), this problem has been fixed in version 3.1.2-11.
For the unstable distribution (sid), this problem has been fixed in version 3.1.2-11.
We recommend that you upgrade your libarchive packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJU+MLMAAoJEBDCk7bDfE42Z3wP/RcDQklhuyOun2ieeJjg1Fl9 mWN+mzCjy66ClR5IJijiqSVRgRBlSZ3RiTaXWmSAdkyU9Fsn5pDP/G0S8v6tsLbk 9cik8OoZxHY6F6AuAWiTHTxNci1xZeK5/hCOFCbVykN8t3Hte/vyAr+zdyKD+D5C NKQXNRPWFqSawUYPm5t58F9TGD7SJy9oSBdcvZHmXWm6VVsHgg22UaV5GUwqPnEU 3wB/5//j6HZfRnz88R8hWhOrTKDURN+8y2fPFjv7a6zPlRw7nr2uf+BzIQZkWIso DGr+BY2Gmgla3NN8pu16vI/6kdDC27ISOdqo49EHBzyPDN0kglJl8tT66tMCD9rs 9vbaETkI1bd7WbJUw/ViwF0c+14enVtffnRAjbxKfsUnoRkNf6Y2LI7RcNJ2fnCG bCYrMeCLBqeW/zSfq+wXH6yQcb0o7dGxOhu0Cxc+h7CwERJMP+W8cXwb5WoN9KCk o3bv3JWnl/dYhGtHUFLO3T+Vtmpi9Lfr2c9kdho5QHYVB44yb/0p9mSlYR2igtMb o/nW+J6Ae98+rctFA0S5QN9VaMHTKQN35+9gIKCE0lNJ+jN0Kk5rNZjg5kTW8pmK fnlD2SxO7xQiJP3+6j+WGHAbOtO6Tq1/t91ELtexQel/6i6dj1vvOWN1sxzvz8BW aKHZMQ1DAnW5DW80HBW+ =k/du -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/20150305205739.GA11978@pisco.westfalen.local
|
|
|
|