MGASA-2022-0142 - Updated libarchive packages fix security vulnerability Publication date: 15 Apr 2022 URL: https://advisories.mageia.org/MGASA-2022-0142.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-26280 7zip reader: fix PPMD read beyond boundary. ZIP reader: fix possible out of bounds read. ISO reader: fix possible heap buffer overflow in read_children(). RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0): - fix heap use after free in archive_read_format_rar_read_data(); - fix null dereference in read_data_compressed(); - fix heap user after free in run_filters(). References: - https://bugs.mageia.org/show_bug.cgi?id=30271 - https://github.com/libarchive/libarchive/releases/tag/v3.6.1 - https://ubuntu.com/security/notices/USN-5374-1 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26280 SRPMS: - 8/core/libarchive-3.6.1-1.mga8