ELA-82-1 libarchive security update

Denial of service vulnerabilities

2019-02-07
Package libarchive
Version 3.0.4-3+wheezy6+deb7u3
Related CVEs CVE-2019-1000019 CVE-2019-1000020


Two vulnerabilities were discovered and corrected in the libarchive multi-format compression library: a specially-crafted .7zip file could cause a denial of service via a crash (CVE-2019-1000019), and a malicious ISO9660 image could cause an infinite loop (CVE-2019-1000020).



For Debian 7 Wheezy, these problems have been fixed in version 3.0.4-3+wheezy6+deb7u3.

We recommend that you upgrade your libarchive packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.