Updated libarchive packages fix security vulnerability: archive_read_support_format_lha.c in libarchive before 3.4.1 does not ensure valid sizes for UTF-16 input, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted LHA archive (CVE-2019-20509). The libarchive package has been updated to version 3.4.3, fixing this issue and other bugs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | libarchive | < 3.4.3-1 | libarchive-3.4.3-1.mga7 |