MGASA-2019-0030

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0030.html

Import Source

https://advisories.mageia.org/MGASA-2019-0030.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0030

Related

Published

2019-01-11T05:54:06Z

Modified

2019-01-11T05:28:38Z

Summary

Updated libarchive packages fix security vulnerabilities

Details

readheader in archivereadsupportformatrar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archivereadformatrarreadheader (CVE-2017-14502).

Multiple security issues were found in libarchive: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879, CVE-2018-1000880).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2019-0030

Affected packages