Debian 9858 Published by

The following updates has been released for Debian 7 LTS:

[DLA 660-1] libxrandr security update
[DLA 661-1] libarchive security update



[DLA 660-1] libxrandr security update

Package : libxrandr
Version : 2:1.3.2-2+deb7u2
CVE ID : CVE-2016-7947 CVE-2016-7948
Debian Bug : 840441

Insufficient validation of data from the X server in libxrandr
before v1.5.0 can cause out of boundary memory writes and integer
overflows.

For Debian 7 "Wheezy", these problems have been fixed in version
2:1.3.2-2+deb7u2.

We recommend that you upgrade your libxrandr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 661-1] libarchive security update

Package : libarchive
Version : 3.0.4-3+wheezy5
CVE ID : CVE-2016-8687 CVE-2016-8688 CVE-2016-8689
Debian Bug : 840934 840935 840936


Agostino Sarubbo of Gentoo discovered several security vulnerabilities
in libarchive, a multi-format archive and compression library. An
attacker could take advantage of these flaws to cause a buffer overflow
or an out of bounds read using a carefully crafted input file.

CVE-2016-8687

Agostino Sarubbo of Gentoo discovered a possible stack-based buffer
overflow when printing a filename in bsdtar_expand_char() of util.c.

CVE-2016-8688

Agostino Sarubbo of Gentoo discovered a possible out of bounds read
when parsing multiple long lines in bid_entry() and detect_form() of
archive_read_support_format_mtree.c.

CVE-2016-8689

Agostino Sarubbo of Gentoo discovered a possible heap-based buffer
overflow when reading corrupted 7z files in read_Header() of
archive_read_support_format_7zip.c.

For Debian 7 "Wheezy", these problems have been fixed in version
3.0.4-3+wheezy5.

We recommend that you upgrade your libarchive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS