Debian 10225 Published by

Updated libarchive packages are available for Debian 7 LTS



Package : libarchive
Version : 3.0.4-3+wheezy6+deb7u1
CVE ID : CVE-2017-14166
Debian Bug : #874539

It was discovered that there was a denial of service vulnerability in the
libarchive multi-format compression library. A specially-crafted .xar
archive could cause via a heap-based buffer over-read.

For Debian 7 "Wheezy", this issue has been fixed in libarchive version
3.0.4-3+wheezy6+deb7u1.

We recommend that you upgrade your libarchive packages.