Mageia 7 MGASA-2020-0127: Moderate Libarchive Out-of-Bounds Crash
mageia
March 6, 2020
The updated packages fix several issues including security vulnerabilities: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read beca...
Summary
The updated packages fix several issues including security vulnerabilities:
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c
has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call.
For example, bsdtar crashes via a crafted archive. (CVE-2019-19221)
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to
unpack a RAR5 file with an invalid or corrupted header (such as a header
size of zero), leading to a SIGSEGV or possibly unspecified other impact.
(CVE-2020-9308)
References
- https://bugs.mageia.org/show_bug.cgi?id=26290
-
- https://www.cve.org/CVERecord?id=CVE-2019-19221
- https://www.cve.org/CVERecord?id=CVE-2020-9308
Topics Covered
Resolution
SRPMS
- 7/core/libarchive-3.4.0-1.1.mga7
PREVIOUS
NEXT
Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0127.html
Type: security
CVE: CVE-2019-19221,
CVE-2020-9308
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!