Updated libarchive packages fix security vulnerability
Publication date: 12 Feb 2022Modification date: 12 Feb 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-31566 , CVE-2021-36976
Description
Processing fixup entries may follow symbolic links. (CVE-2021-31566)
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called
from do_uncompress_block and process_block). (CVE-2021-36976)
References
SRPMS
8/core
- libarchive-3.5.3-1.mga8