ELSA-2019-3698

ELSA-2019-3698 - libarchive security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2019-11-14

Description


[3.3.2-7]
- fix use-after-free in delayed newc link processing (#1602575)
- fix a few obvious resource leaks and strcpy() misuses (#1602575)

[3.3.2-6]
- fixed use after free in RAR decoder (#1700752)
- fixed double free in RAR decoder (#1700753)

[3.3.2-5]
- release bump due to gating (#1680768)

[3.3.2-4]
- fix out-of-bounds read within lha_read_data_none() (CVE-2017-14503)
- fix crash on crafted 7zip archives (CVE-2019-1000019)
- fix infinite loop in ISO9660 (CVE-2019-1000020)


Related CVEs


CVE-2017-14503
CVE-2018-1000877
CVE-2018-1000878
CVE-2019-1000019
CVE-2019-1000020

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) libarchive-3.3.2-7.el8.src.rpm62949514a63afeb3ad043ae9d23c6f1a-
bsdtar-3.3.2-7.el8.aarch64.rpm18115787c9c66036144b9f8ad48cd259-
libarchive-3.3.2-7.el8.aarch64.rpm08e6d14ebfc9353ab4e9afde73c3b05f-
libarchive-devel-3.3.2-7.el8.aarch64.rpm1030d13f66ddc4e544fe1ee61ecf6e76-
Oracle Linux 8 (x86_64) libarchive-3.3.2-7.el8.src.rpm62949514a63afeb3ad043ae9d23c6f1a-
bsdtar-3.3.2-7.el8.x86_64.rpmcb3a501e8b598bd6688079e28907aacd-
libarchive-3.3.2-7.el8.i686.rpm0424084ae5ff5e6c07c0ef22c2a3bb2d-
libarchive-3.3.2-7.el8.x86_64.rpmc5443974992505968a55504735e4d208-
libarchive-devel-3.3.2-7.el8.i686.rpmd7a2760389bb9cba621d2ecb5371bd79-
libarchive-devel-3.3.2-7.el8.x86_64.rpmf435a6a552e7e9557fbc45851c0b84af-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete