Synopsis: Moderate: libarchive security update
Advisory ID: SLSA-2019:2298-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-1000878
CVE-2017-14503
CVE-2019-1000020
CVE-2019-1000019
CVE-2018-1000877
—
Security Fix(es):
* libarchive: Double free in RAR decoder resulting in a denial of service
(CVE-2018-1000877)
* libarchive: Use after free in RAR decoder resulting in a denial of
service (CVE-2018-1000878)
* libarchive: Out of bounds read in archive_read_support_format_7zip.c
resulting in a denial of service (CVE-2019-1000019)
* libarchive: Infinite recursion in archive_read_support_format_iso9660.c
resulting in denial of service (CVE-2019-1000020)
* libarchive: Out-of-bounds read in lha_read_data_none (CVE-2017-14503)
—
SL7
x86_64
libarchive-3.1.2-12.el7.x86_64.rpm
libarchive-3.1.2-12.el7.i686.rpm
libarchive-devel-3.1.2-12.el7.i686.rpm
bsdcpio-3.1.2-12.el7.x86_64.rpm
bsdtar-3.1.2-12.el7.x86_64.rpm
libarchive-devel-3.1.2-12.el7.x86_64.rpm
libarchive-debuginfo-3.1.2-12.el7.i686.rpm
libarchive-debuginfo-3.1.2-12.el7.x86_64.rpm
– Scientific Linux Development Team
