Advisories ยป MGASA-2018-0361

Updated libarchive packages fix security vulnerabilities

Publication date: 31 Aug 2018
Modification date: 31 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-14501 , CVE-2017-14503

Description

The updated packages fix security vulnerabilities:

An out-of-bounds read flaw exists in parse_file_info in 
archive_read_support_format_iso9660.c in libarchive 3.3.2 when
extracting a specially crafted iso9660 iso file, related to
archive_read_format_iso9660_read_header (CVE-2017-14501).

libarchive 3.3.2 suffers from an out-of-bounds read within
lha_read_data_none() in archive_read_support_format_lha.c when
extracting a specially crafted lha archive, related to lha_crc16
(CVE-2017-14503).
                

References

SRPMS

6/core