-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4167-1 security@xxxxxxxxxx https://www.debian.org/security/ Luciano Bello April 05, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : sharutils CVE ID : CVE-2018-1000097 Debian Bug : 893525 A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities handle Shell Archives. An attacker with control on the input of the unshar command, could crash the application or execute arbitrary code in the its context. For the oldstable distribution (jessie), this problem has been fixed in version 4.14-2+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 1:4.15.2-2+deb9u1. We recommend that you upgrade your sharutils packages. For the detailed security status of sharutils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sharutils Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlrGU8EACgkQbsLe9o/+ N3SX9Q/6A6qLYBDrTSnlqUqjWKiQXTUGMGndookV24BCpSapSXYtFjPph6N5WVny 55vq3Ume6rZuSix8D4+WWktZTPKS2iDgVtCZWRG7Onl0WJGgkXUETrd31/hvT8PJ izGyhzlbDaQtjerZxIMXzqtjlMyUmN0cDyhRd6JxT6Uu2FMCUqkCZenfxxSbo2W9 N322K98cU20C3WO/1KnMWpVMSEEaBTnW612gcfN59eR10pilQK/Pst2PCfEaf83K 6LVI07HHIHxe3sS2WJB2CMkClYCNB9Xzcp+PyHcn9oFhmwPNFo3jix3/0ueG/Agt YOshVmk/wsRN+Kqx+b8R9/i+aZaNQV2sr9Ml0C+nHREBWxE5wykSe+F25b7Gq3AD XabbQmQouEDFtIkNQ8tVBhnhLh3HxWD35l2WQV98A1XYPCllwVqrBj7c9d2DaQDF 63zin1gCivzUtaQWmNjOTA2ATbKfDZHgqFfMvcBuIbCCykHYctHKJiEXC/5LeoI+ d61iRxytLy+l5oDDsaRi9KWFabDmgb+65asvEHwgz2nbtcxMfilanYuO7aS5ET9+ ZcEFTmhUqMb8Ly8Ln4ikLNeAtcR4MrrTXm+ZIWkzhF2eLWKuRswVL6ZdkAAls8/W fwi0b13695gwpsleoGuNOJCLQwiCOm8xmzbnNaua3LQLZmBGWmg= =dr+o -----END PGP SIGNATURE-----