Updated libarchive packages fix security vulnerabilities
Publication date: 31 Aug 2018Modification date: 31 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-14501 , CVE-2017-14503
Description
The updated packages fix security vulnerabilities: An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header (CVE-2017-14501). libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16 (CVE-2017-14503).
References
SRPMS
6/core
- libarchive-3.3.1-1.2.mga6