Stay Secure with the Latest Linux Advisories

security advisoryupdatebug fix

Slackware 15.0 Libarchive Security Advisory 2024-258-01: Critical Fixes

New libarchive packages are available for Slackware 15.0 and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libarchive (SSA:2024-258-01) New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/libarchive-3.7.5-i586-1_slack15.0.txz: Upgraded. This update fixes the following security issues: fix multiple vulnerabilities identified by SAST (#2251, #2256) cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258) lzop: prevent integer overflow (#2174) rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696) rar4: fix CVE-2024-26256 (#2269) rar4: fix OOB in delta and audio filter (#2148, #2149) rar4: fix out of boundary access with large files (#2179) rar4: add boundary checks to rgb filter (#2210) rar4: fix OOB access with unicode filenames (#2203) rar5: clear 'data ready' cache on window buffer reallocs (#2265) rpm: calculate huge header sizes correctly (#2158) unzip: unify EOF handling (#2175) util: fix out of boundary access in mktemp functions (#2160) uu: stop processing if lines are too long (#2168) For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-20696 https://www.cve.org/CVERecord?id=CVE-2024-26256 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: Updated package for Slackware x86_64 15.0: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 15.0 package: f3b7cdacc3d264f4bcc20f078c0c22b4 libarchive-3.7.5-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 2845ee62628435d7995d5351d6e84e79 libarchive-3.7.5-x86_64-1_slack15.0.txz Slackware -current package: cb11536dc6673f3c6b848229129d0363 l/libarchive-3.7.5-i686-1.txz Slackware x86_64 -current package: 35ec40489069558505b9db8bd66ca2c2 l/libarchive-3.7.5-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libarchive-3.7.5-i586-1_slack15.0.txz +-----+ . New libarchive packages for Slackware 15.0 tackle various security concerns. Upgrading is advised for system protection.. libarchive Update, Slackware Security, Package Upgrade, SAST Issues, Linux Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Sep 14, 2024 •Critical Slackware