Advisories ยป MGASA-2019-0074

Updated libarchive packages fix security vulnerability

Publication date: 13 Feb 2019
Modification date: 13 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-1000019 , CVE-2019-1000020

Description

libarchive contains an out-of-bounds read vulnerability in 7zip
decompression, archive_read_support_format_7zip.c, header_bytes() that can
result in a crash (denial of service). This attack appears to be
exploitable via the victim opening a specially crafted 7zip file
(CVE-2019-1000019).

libarchive contains an infinite loop vulnerability in the ISO9660 parser,
archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that
can result in DoS by infinite loop. This attack appears to be exploitable
via the victim opening a specially crafted ISO9660 file (CVE-2019-1000020).
                

References

SRPMS

6/core