Mageia 2022-0060: libarchive security update
Summary
Processing fixup entries may follow symbolic links. (CVE-2021-31566)
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called
from do_uncompress_block and process_block). (CVE-2021-36976)
References
- https://bugs.mageia.org/show_bug.cgi?id=30023
- https://github.com/libarchive/libarchive/releases/tag/v3.5.3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31566
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36976
Resolution
MGASA-2022-0060 - Updated libarchive packages fix security vulnerability
SRPMS
- 8/core/libarchive-3.5.3-1.mga8