===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2059
                        libarchive security update
                              31 August 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libarchive
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-5844 CVE-2016-4809 CVE-2016-4302
                   CVE-2016-4300 CVE-2015-8934 CVE-2015-8933
                   CVE-2015-8932 CVE-2015-8931 CVE-2015-8930
                   CVE-2015-8928 CVE-2015-8926 CVE-2015-8925
                   CVE-2015-8923 CVE-2015-8922 CVE-2015-8921
                   CVE-2015-8920 CVE-2015-8919 CVE-2015-8917
                   CVE-2015-8916

Reference:         ESB-2016.1875
                   ESB-2016.1862

Original Bulletin:
   http://www.debian.org/security/2016/dsa-3657

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3657-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 30, 2016                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libarchive
CVE ID         : CVE-2015-8916 CVE-2015-8917 CVE-2015-8919 CVE-2015-8920
                 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8925
                 CVE-2015-8926 CVE-2015-8928 CVE-2015-8930 CVE-2015-8931
                 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300
                 CVE-2016-4302 CVE-2016-4809 CVE-2016-5844

Hanno Boeck and Marcin Noga discovered multiple vulnerabilities in
libarchive; processing malformed archives may result in denial of
service or the execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 3.1.2-11+deb8u2.

For the testing distribution (stretch), these problems have been fixed
in version 3.2.1-1.

For the unstable distribution (sid), these problems have been fixed in
version 3.2.1-1.

We recommend that you upgrade your libarchive packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
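
A fleet check against the fixed versions listed in the advisory, as an added example that is not part of the AusCERT or Debian text. It implements Debian's package version ordering in Python so it can run on any analysis host; the inventory, host names and function names are constructed for illustration.

```python
DIGITS = "0123456789"
# Fixed versions per distribution, copied from the advisory (DSA-3657-1).
FIXED = {"jessie": "3.1.2-11+deb8u2", "stretch": "3.2.1-1", "sid": "3.2.1-1"}

def _order(ch):
    """Sort weight: '~' first, then end of string and digits, letters, the rest."""
    if ch == "~":
        return -1
    if ch == "" or ch in DIGITS:
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings: <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            diff = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if diff:
                return diff
            i, j = i + 1, j + 1
        si, sj = i, j  # digit runs compare numerically; an empty run counts as 0
        while i < len(a) and a[i] in DIGITS:
            i += 1
        while j < len(b) and b[j] in DIGITS:
            j += 1
        diff = int(a[si:i] or 0) - int(b[sj:j] or 0)
        if diff:
            return diff
    return 0

def _split(version):  # [epoch:]upstream[-revision]
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(inventory):
    """Hosts whose installed version sorts before the fix for their release."""
    return [h for h, rel, ver in inventory if compare(ver, FIXED[rel]) < 0]

# Constructed sample inventory: (host, release, installed libarchive version).
INVENTORY = [("web01", "jessie", "3.1.2-11"), ("web02", "jessie", "3.1.2-11+deb8u1"),
             ("db01", "jessie", "3.1.2-11+deb8u2"), ("dev01", "sid", "3.2.1~rc1-1")]
print(unpatched(INVENTORY))
```

Plain string comparison gets these cases wrong: a `+deb8u1` suffix and a `~rc1` pre-release both need the Debian ordering rules to sort on the correct side of the fixed version.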