Mageia 7: MGASA-2020-0253 Critical: Libarchive Denial of Service

June 10, 2020
Revised libarchive versions in Mageia address security flaws leading to service interruptions.

Summary

Updated libarchive packages fix a security vulnerability:
archive_read_support_format_lha.c in libarchive before 3.4.1 does not ensure valid sizes for UTF-16 input, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted LHA archive (CVE-2019-20509).
The libarchive package has been updated to version 3.4.3, fixing this issue and other bugs.

References

- https://bugs.mageia.org/show_bug.cgi?id=26691

- https://github.com/libarchive/libarchive/releases/tag/v3.4.1

- https://github.com/libarchive/libarchive/releases/tag/v3.4.2

- https://github.com/libarchive/libarchive/releases/tag/v3.4.3

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6OTE7GWASH2ZOVG5H3HEN5PR6B3KF7JB/

- https://www.cve.org/CVERecord?id=CVE-2019-20509

Resolution

SRPMS

- 7/core/libarchive-3.4.3-1.mga7

Severity
critical

Publication date: 10 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0253.html
Type: security
CVE: CVE-2019-20509
