Advisories » MGASA-2017-0056

Updated libarchive packages fix security vulnerability

Publication date: 20 Feb 2017
Modification date: 20 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5601

Description

An error in the lha_read_file_header_1() function
(archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
attackers to trigger an out-of-bounds read memory access and subsequently
cause a crash via a specially crafted archive. (CVE-2017-5601)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20223
• https://lwn.net/Alerts/713127/
• https://security-tracker.debian.org/tracker/CVE-2017-5601
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5601

SRPMS

5/core

• libarchive-3.2.2-1.1.mga5