Advisories » MGASA-2018-0361

Updated libarchive packages fix security vulnerabilities

Publication date: 31 Aug 2018
Modification date: 31 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-14501 , CVE-2017-14503

Description

The updated packages fix security vulnerabilities:

An out-of-bounds read flaw exists in parse_file_info in 
archive_read_support_format_iso9660.c in libarchive 3.3.2 when
extracting a specially crafted iso9660 iso file, related to
archive_read_format_iso9660_read_header (CVE-2017-14501).

libarchive 3.3.2 suffers from an out-of-bounds read within
lha_read_data_none() in archive_read_support_format_lha.c when
extracting a specially crafted lha archive, related to lha_crc16
(CVE-2017-14503).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23437
• https://usn.ubuntu.com/3736-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503

SRPMS

6/core

• libarchive-3.3.1-1.2.mga6