Advisories » MGASA-2024-0363

Updated libarchive packages fix security vulnerability

Publication date: 13 Nov 2024
Modification date: 13 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-20696

Description

A heap-based out-of-bounds write vulnerability was discovered in
libarchive, a multi-format archive and compression library, which may
result in the execution of arbitrary code if a specially crafted RAR
archive is processed. (CVE-2024-20696)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33757
• https://lists.debian.org/debian-security-announce/2024/msg00220.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20696

SRPMS

9/core

• libarchive-3.6.2-5.3.mga9