Debian Linux Security Advisory 4685-1 - Shuaibing Lu discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could result in denial of service when processing specially crafted deb files.
d11a1baf9490082af927a3e0c3aa42218a73c54fe7796464fc703c7e99185b0f-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4685-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 14, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : apt
CVE ID : CVE-2020-3810
Shuaibing Lu discovered that missing input validation in the ar/tar
implementations of APT, the high level package manager, could result in
denial of service when processing specially crafted deb files.
For the oldstable distribution (stretch), this problem has been fixed
in version 1.4.10.
For the stable distribution (buster), this problem has been fixed in
version 1.8.2.1.
We recommend that you upgrade your apt packages.
For the detailed security status of apt please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/apt
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl68wmxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0ShoRAAkd9F6owCj7megYVSKGBY5IKRMtLaUeDt/Akly8n24SGdyOAwD+/7g6Id
dWXhF/YENBFieMObDGHJnL7P5yPCuBfU7MQG/hzfYtx8MBgPIsM3dqNjvSadLPAv
/Qe/t01cOSGg06ymN94lALOK4IbpDlh99fi3lplC/ZMCk51Ru+6AT5V212goLTwT
EWEwpzig1NFdLZiaE2yoeezI05zuhg7/hIC2ligbTIZvp0jeqHR9sJQYqu8QAC47
NJhUZ2Ll8t2yw3L6DCrKryYfSxn5Sn52en1HziMr/9IDZkhJZEM8gO9J73IW0XTJ
lF7mFGnjb5QOXIEtkfWFHlBLsms1rayYZ+0N7mUzl47flvqVZeveetuCr9K8bsTa
mW5/pZ+IctRP7jGkPJhzjCQzF8yknUZH1kkR4v+DTTe9Jzi7P0fmkuEKJykI1sA2
tMT9Ti4aqs4Q6YSDoQdtTZBTw4fYJKFW12Q/3ZeOSlZ1d9/EXmlFkkGS3RzI1dmD
Z3jSYNVvIN5RhFxZ8AFpVyQQyl91PgxnFWThTRvVdJJAhSHQ+gJRgHUvcSkSt/s9
DlI+53t3X2m8dUNiNkpKsUsVu1e5qAAPM5540vGHjeBvUcc9BN/cvJeeaL46c0j8
BYXzAQujqcT7+mRVMkYfVRALYb/g/Vns23QSgFoCnBReuirE+x4=
=k9r8
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed