Updated libarchive packages fix security vulnerability
Publication date: 10 Jun 2020Modification date: 10 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20509
Description
Updated libarchive packages fix security vulnerability:
archive_read_support_format_lha.c in libarchive before 3.4.1 does not
ensure valid sizes for UTF-16 input, which allows remote attackers to
cause a denial of service (heap-based buffer over-read and application
crash) via a crafted LHA archive (CVE-2019-20509).
The libarchive package has been updated to version 3.4.3, fixing this
issue and other bugs.
References
- https://bugs.mageia.org/show_bug.cgi?id=26691
- https://github.com/libarchive/libarchive/releases/tag/v3.4.1
- https://github.com/libarchive/libarchive/releases/tag/v3.4.2
- https://github.com/libarchive/libarchive/releases/tag/v3.4.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6OTE7GWASH2ZOVG5H3HEN5PR6B3KF7JB/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20509
SRPMS
7/core
- libarchive-3.4.3-1.mga7