Mageia 6: MGASA-2019-0074 Moderate: Libarchive Denial of Service Risk
mageia
February 13, 2019
libarchive contains an out-of-bounds read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service)
Summary
libarchive contains an out-of-bounds read vulnerability in 7zip
decompression, archive_read_support_format_7zip.c, header_bytes() that can
result in a crash (denial of service). This attack appears to be
exploitable via the victim opening a specially crafted 7zip file
(CVE-2019-1000019).
libarchive contains an infinite loop vulnerability in the ISO9660 parser,
archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that
can result in DoS by infinite loop. This attack appears to be exploitable
via the victim opening a specially crafted ISO9660 file (CVE-2019-1000020).
References
- https://bugs.mageia.org/show_bug.cgi?id=24337
- https://ubuntu.com/security/notices/USN-3884-1
- https://www.cve.org/CVERecord?id=CVE-2019-1000019
- https://www.cve.org/CVERecord?id=CVE-2019-1000020
Topics Covered
Resolution
SRPMS
- 6/core/libarchive-3.3.1-1.5.mga6
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 13 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0074.html
Type: security
CVE: CVE-2019-1000019,
CVE-2019-1000020
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!