libarchive-3.3.2-9.el8
エラータID: AXSA:2020-1004:02
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es):
* libarchive: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c (CVE-2019-19221)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 8.3 Release Notes linked from the References section.
CVE-2019-19221
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
Update packages.
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
N/A
SRPMS
- libarchive-3.3.2-9.el8.src.rpm
MD5: ef1c445d82371e1cc093ae0170c078cb
SHA-256: 2461c0a1e8a52d75298fbd7610deced158aa99cc32fb43855815a510b51ff170
Size: 5.96 MB
Asianux Server 8 for x86_64
- bsdtar-3.3.2-9.el8.x86_64.rpm
MD5: 66bbfce339a125081ead3929d34fa294
SHA-256: c8db35b18cd07a6e7b637860b86b65744e5a0619a5100d3f9e7300d286db254c
Size: 69.33 kB - libarchive-3.3.2-9.el8.x86_64.rpm
MD5: 0b9c19a164798aeca533de9c030617eb
SHA-256: ed48929ed168845433f15506f72a05787375afdd12fc0420302854b9704d0678
Size: 356.54 kB - libarchive-3.3.2-9.el8.i686.rpm
MD5: 9354ac9ade81e9c25412d89209fe0c0c
SHA-256: d136c99651ac801005151e0fbe8ade0e102b690fc16045e02543e9577b1aa4b7
Size: 397.87 kB