Mageia 6: MGASA-2018-0361 Critical: Libarchive Out-Of-Bounds Read Threat
mageia
August 31, 2018
The updated packages fix security vulnerabilities: An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracti...
Summary
The updated packages fix security vulnerabilities:
An out-of-bounds read flaw exists in parse_file_info in
archive_read_support_format_iso9660.c in libarchive 3.3.2 when
extracting a specially crafted iso9660 iso file, related to
archive_read_format_iso9660_read_header (CVE-2017-14501).
libarchive 3.3.2 suffers from an out-of-bounds read within
lha_read_data_none() in archive_read_support_format_lha.c when
extracting a specially crafted lha archive, related to lha_crc16
(CVE-2017-14503).
References
- https://bugs.mageia.org/show_bug.cgi?id=23437
- https://ubuntu.com/security/notices/USN-3736-1
- https://www.cve.org/CVERecord?id=CVE-2017-14501
- https://www.cve.org/CVERecord?id=CVE-2017-14503
Topics Covered
Resolution
SRPMS
- 6/core/libarchive-3.3.1-1.2.mga6
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 31 Aug 2018
URL: https://advisories.mageia.org/MGASA-2018-0361.html
Type: security
CVE: CVE-2017-14501,
CVE-2017-14503
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!