Updated libarchive packages fix security vulnerability
Publication date: 13 Feb 2019Modification date: 13 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-1000019 , CVE-2019-1000020
Description
libarchive contains an out-of-bounds read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file (CVE-2019-1000019). libarchive contains an infinite loop vulnerability in the ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file (CVE-2019-1000020).
References
SRPMS
6/core
- libarchive-3.3.1-1.5.mga6