Advisory ROSA-SA-2023-2205

Software: libarchive 3.3.3
OS: ROSA Virtualization 2.1

package_evr_string: libarchive-3.3.3.3-5.rv3.src.rpm

CVE-ID: CVE-2021-23177
BDU-ID: 2022-01463
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libarchive archiving library is related to symbolic link tracking. Exploitation of the vulnerability could allow an attacker to escalate their privileges by helping the attacker open a specially crafted archive.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libarchive command.

CVE-ID: CVE-2021-31566
BDU-ID: 2022-01464
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libarchive archiving library is related to symbolic link tracking. Exploitation of the vulnerability could allow an attacker to escalate their privileges by creating a specially formed link to a malicious file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libarchive command

CVE-ID: CVE-2022-36227
BDU-ID: 2022-07496
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the calloc() function of the libarchive archiving library is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libarchive command.