Updated libarchive packages fix security vulnerabilities

🗓️ 06 Mar 2020 16:13:58Reported by Gentoo FoundationType

Updated libarchive packages fix security vulnerabilities In Libarchive 3.4.0, archive_wstring_append_from_mbs has an out-of-bounds read. archive_read_support_format_rar5.c attempts to unpack a RAR5 file with an invalid or corrupted header leading to a SIGSEGV or other impact

Reporter	Title	Published	Views	Family All 106
Tenable Nessus	Alibaba Cloud Linux 3 : 0019: libarchive (ALINUX3-SA-2022:0019)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : libarchive (ALSA-2020:4443)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : libarchive (CESA-2020:4443)	1 Feb 202100:00	–	nessus
Tenable Nessus	Debian DLA-2987-1 : libarchive - LTS security update	2 May 202200:00	–	nessus
Tenable Nessus	Debian dla-3202 : bsdcpio - security update	23 Nov 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : libarchive (EulerOS-SA-2020-1159)	25 Feb 202000:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.6.0 : libarchive (EulerOS-SA-2020-1362)	2 Apr 202000:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.2.0 : libarchive (EulerOS-SA-2020-1569)	1 May 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : libarchive (EulerOS-SA-2020-1607)	2 Jun 202000:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.6.0 : libarchive (EulerOS-SA-2020-1779)	1 Jul 202000:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Mageia	7	any	libarchive	3.4.0-1.1	libarchive-3.4.0-1.1.noarch.rpm

Source	Link
bugs	www.bugs.mageia.org/show_bug.cgi
usn	www.usn.ubuntu.com/4293-1/

06 Mar 2020 16:13Current

7High risk

Vulners AI Score7

CVSS 26.8

CVSS 3.18.8

EPSS0.02196

libarchive security vulnerabilities rar5 file sigsegv