Fedora 30: libarchive FEDORA-2019-71b2273a9f
Summary
Libarchive is a programming library that can create and read several different
streaming archive formats, including most popular tar variants, several cpio
formats, and both BSD and GNU ar variants. It can also write shar archives and
read ISO9660 CDROM images and ZIP archives.
Security fix for CVE-2019-18408 RAR reader: fix use after free If
read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed to continue
with next archive headers. We need to set rar->start_new_table after the
ppmd7_context got freed, otherwise it won't be allocated again.
* Mon Nov 18 2019 Ondrej Dubaj
- fixed use after free in rar (#1769980)
- fixed zstd test
[ 1 ] Bug #1769980 - CVE-2019-18408 libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1769980
su -c 'dnf upgrade --advisory FEDORA-2019-71b2273a9f' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2019-71b2273a9f 2020-04-01 02:35:47.694450 Product : Fedora 30 Version : 3.3.3 Release : 7.fc30 URL : http://www.libarchive.org/ Summary : A library for handling streaming archive formats Description : Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. Security fix for CVE-2019-18408 RAR reader: fix use after free If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed to continue with next archive headers. We need to set rar->start_new_table after the ppmd7_context got freed, otherwise it won't be allocated again. * Mon Nov 18 2019 Ondrej Dubaj - 3.3.3-7 - fixed use after free in rar (#1769980) - fixed zstd test [ 1 ] Bug #1769980 - CVE-2019-18408 libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1769980 su -c 'dnf upgrade --advisory FEDORA-2019-71b2273a9f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References
Update Instructions
