libarchive-2.8.3-3.AXS4

エラータID: AXSA:2012-68:01

Release date: 
Thursday, February 2, 2012 - 15:57
Subject: 
libarchive-2.8.3-3.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives.
Security issues fixed with this release:
CVE-2011-1777
CVE-2011-1778
No information available at the time of writing, please refer to the CVE links below.

Solution: 

Update packages.

CVEs: 
CVE-2011-1777
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
CVE-2011-1778
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.
Additional Info: 

N/A

Download: 

SRPMS
  1. libarchive-2.8.3-3.AXS4.src.rpm
    MD5: 003e9da6864c4f4c9d194092dd4d658e
    SHA-256: e9b3c501e5c0fe9e4268bd935a1dc92b1b0ecf376d1682ff9fc8ded01fb48530
    Size: 1.38 MB

Asianux Server 4 for x86
  1. libarchive-2.8.3-3.AXS4.i686.rpm
    MD5: a356d8b2fcee47edad015960e31f30c9
    SHA-256: 83f6c82e7c52d85336464e9bb513412801679103527d621ad5b5a14f5835816b
    Size: 136.85 kB

Asianux Server 4 for x86_64
  1. libarchive-2.8.3-3.AXS4.x86_64.rpm
    MD5: de006bd47661bc78a486252deb24884e
    SHA-256: d10a5b531916a2f920d3bddff211ed8280157c590536569a2ecbecfa641f637c
    Size: 125.42 kB
  2. libarchive-2.8.3-3.AXS4.i686.rpm
    MD5: a356d8b2fcee47edad015960e31f30c9
    SHA-256: 83f6c82e7c52d85336464e9bb513412801679103527d621ad5b5a14f5835816b
    Size: 136.85 kB