Description
Security update for libarchive
This update for libarchive fixes the following issues:
- CVE-2019-19221: Fixed out-of-bounds read caused by incorrect mbrtowc or mbtowc call (bsc#1157569)
- backporting symlink security fixes from 3.5.2:
  - extracting with ACLs modifies ACLs of target (bsc#1192425)
  - modifies file flags of target (bsc#1192426)
  - avoid follow on fixup entries (bsc#1192427)
Package list
SUSE Linux Enterprise Server 12 SP5
libarchive13-3.3.3-32.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libarchive13-3.3.3-32.5.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libarchive-devel-3.3.3-32.5.1
References
- Link for SUSE-SU-2021:3722-1
- E-Mail link for SUSE-SU-2021:3722-1
- SUSE Security Ratings
- SUSE Bug 1157569
- SUSE Bug 1192425
- SUSE Bug 1192426
- SUSE Bug 1192427
- SUSE CVE CVE-2019-19221 page
Description
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
Affected products
SUSE Linux Enterprise Server 12 SP5:libarchive13-3.3.3-32.5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libarchive13-3.3.3-32.5.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libarchive-devel-3.3.3-32.5.1
References
- CVE-2019-19221
- SUSE Bug 1157569