Advisories ยป MGASA-2019-0030

Updated libarchive packages fix security vulnerabilities

Publication date: 11 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-14502 , CVE-2018-1000877 , CVE-2018-1000878 , CVE-2018-1000879 , CVE-2018-1000880


read_header in archive_read_support_format_rar.c in libarchive 3.3.2
suffers from an off-by-one error for UTF-16 names in RAR archives,
leading to an out-of-bounds read in archive_read_format_rar_read_header

Multiple security issues were found in libarchive: Processing malformed
RAR archives could result in denial of service or the execution of
arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could
result in denial of service (CVE-2018-1000877, CVE-2018-1000878,
CVE-2018-1000879, CVE-2018-1000880).