
Mageia 6 MGASA-2019-0030 Critical: Libarchive Out-Of-Bounds Read

January 11, 2019
MGASA-2019-0030 - Updated libarchive packages fix security vulnerabilities

Summary

read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header (CVE-2017-14502).
Multiple security issues were found in libarchive: processing malformed RAR archives could result in denial of service or the execution of arbitrary code, and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879, CVE-2018-1000880).

References

- https://bugs.mageia.org/show_bug.cgi?id=24075

- http://lists.suse.com/pipermail/sle-security-updates/2018-December/004927.html

- https://lists.debian.org/debian-security-announce/2018/msg00293.html

- https://www.cve.org/CVERecord?id=CVE-2017-14502

- https://www.cve.org/CVERecord?id=CVE-2018-1000877

- https://www.cve.org/CVERecord?id=CVE-2018-1000878

- https://www.cve.org/CVERecord?id=CVE-2018-1000879

- https://www.cve.org/CVERecord?id=CVE-2018-1000880

Resolution

SRPMS

- 6/core/libarchive-3.3.1-1.4.mga6

Severity

critical

Publication date: 11 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0030.html
Type: security
CVE: CVE-2017-14502, CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879, CVE-2018-1000880
