ELSA-2019-3698

ULN >
Oracle Linux Errata repository >
ELSA-2019-3698

ELSA-2019-3698 - libarchive security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2019-11-14

Description

[3.3.2-7]
- fix use-after-free in delayed newc link processing (#1602575)
- fix a few obvious resource leaks and strcpy() misuses (#1602575)

[3.3.2-6]
- fixed use after free in RAR decoder (#1700752)
- fixed double free in RAR decoder (#1700753)

[3.3.2-5]
- release bump due to gating (#1680768)

[3.3.2-4]
- fix out-of-bounds read within lha_read_data_none() (CVE-2017-14503)
- fix crash on crafted 7zip archives (CVE-2019-1000019)
- fix infinite loop in ISO9660 (CVE-2019-1000020)

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	libarchive-3.3.2-7.el8.src.rpm	62949514a63afeb3ad043ae9d23c6f1a	-
	bsdtar-3.3.2-7.el8.aarch64.rpm	18115787c9c66036144b9f8ad48cd259	-
	libarchive-3.3.2-7.el8.aarch64.rpm	08e6d14ebfc9353ab4e9afde73c3b05f	-
	libarchive-devel-3.3.2-7.el8.aarch64.rpm	1030d13f66ddc4e544fe1ee61ecf6e76	-

Oracle Linux 8 (x86_64)	libarchive-3.3.2-7.el8.src.rpm	62949514a63afeb3ad043ae9d23c6f1a	-
	bsdtar-3.3.2-7.el8.x86_64.rpm	cb3a501e8b598bd6688079e28907aacd	-
	libarchive-3.3.2-7.el8.i686.rpm	0424084ae5ff5e6c07c0ef22c2a3bb2d	-
	libarchive-3.3.2-7.el8.x86_64.rpm	c5443974992505968a55504735e4d208	-
	libarchive-devel-3.3.2-7.el8.i686.rpm	d7a2760389bb9cba621d2ecb5371bd79	-
	libarchive-devel-3.3.2-7.el8.x86_64.rpm	f435a6a552e7e9557fbc45851c0b84af	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691