Debian 10262 Published by

An apt security update has been released for Debian GNU/Linux 8 Extended LTS to fix a missing input validation in the ar/tar implementations of APT.



ELA-344-1 apt security update

Package apt
Version 1.0.9.8.7
Related CVEs CVE-2020-27350

It was discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could cause out-of-bounds reads or infinite loops, resulting in denial of service when processing malformed deb files.

For Debian 8 jessie, these problems have been fixed in version 1.0.9.8.7.

We recommend that you upgrade your apt packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-344-1 apt security update