libarchive-3.5.3-4.el9

エラータID: AXSA:2023-5392:01

Release date: 
Wednesday, May 17, 2023 - 09:16
Subject: 
libarchive-3.5.3-4.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Low
Description: 

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* libarchive: NULL pointer dereference in archive_write.c (CVE-2022-36227)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-36227
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

Solution: 

Update packages.

CVEs: 
CVE-2022-36227
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
Additional Info: 

N/A

Download: 

SRPMS
  1. libarchive-3.5.3-4.el9.src.rpm
    MD5: 39b97460c7cb0f1ec586044c277e219b
    SHA-256: 298ec0d401aa70615d2792d745c5d4a6a3780616a7e3aca0d738c8cb7fb9b2d4
    Size: 6.72 MB

Asianux Server 9 for x86_64
  1. bsdtar-3.5.3-4.el9.x86_64.rpm
    MD5: f79693dbf872bd001b6034d4d54b4a5b
    SHA-256: 3b3f2cad3d6b4e6a7c6755034a0f7780d62beba0f18b7f4b6d5237c6b915131a
    Size: 62.51 kB
  2. libarchive-3.5.3-4.el9.i686.rpm
    MD5: f4182d8ecf0bc28240905f2d2b5b1f2b
    SHA-256: ec074d635d9a28daf25c4b6062558ce19731692ea198f1eb0fbac806160ef1fc
    Size: 435.78 kB
  3. libarchive-3.5.3-4.el9.x86_64.rpm
    MD5: 2a50d3d2f0328dd155164176980625b7
    SHA-256: 7ea85402fdb49041629c106c6744f70661b45d111306f142821f4324c5ef8eca
    Size: 387.77 kB
  4. libarchive-devel-3.5.3-4.el9.i686.rpm
    MD5: eaacdcdc8438fdfcb7f725466d379270
    SHA-256: 1909146635992e97498b4e31d1f4e4080935b494792b08996d81f558e9df6aae
    Size: 125.10 kB
  5. libarchive-devel-3.5.3-4.el9.x86_64.rpm
    MD5: 756afdf7eda44f3f7a89c298b4f5dd3d
    SHA-256: a1a8ca548d53b8b6ead9a0c460890ead1f750c92169bd7484f5baefbf5ba82b2
    Size: 125.10 kB