Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:3935-1

Опубликовано: 10 нояб. 2022
Источник: suse-cvrf

Описание

Security update for libarchive

This update for libarchive fixes the following issues:

  • CVE-2021-31566: Fixed incorrect usage of file flags (bsc#1192426).
  • Fixed issues where postprocessing alters symlink targets instead of actual file (bsc#1192427).

Список пакетов

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libarchive13-3.4.2-150200.4.12.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libarchive13-3.4.2-150200.4.12.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libarchive13-3.4.2-150200.4.12.1
Image SLES15-SP3-SAPCAL-Azure
libarchive13-3.4.2-150200.4.12.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libarchive13-3.4.2-150200.4.12.1
Image SLES15-SP3-SAPCAL-GCE
libarchive13-3.4.2-150200.4.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
libarchive-devel-3.4.2-150200.4.12.1
libarchive13-3.4.2-150200.4.12.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
bsdtar-3.4.2-150200.4.12.1
openSUSE Leap 15.3
bsdtar-3.4.2-150200.4.12.1
libarchive-devel-3.4.2-150200.4.12.1
libarchive13-3.4.2-150200.4.12.1
libarchive13-32bit-3.4.2-150200.4.12.1

Ссылки

Описание

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.

Затронутые продукты
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:libarchive13-3.4.2-150200.4.12.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:libarchive13-3.4.2-150200.4.12.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:libarchive13-3.4.2-150200.4.12.1
Image SLES15-SP3-SAPCAL-Azure:libarchive13-3.4.2-150200.4.12.1
Ссылки
Уязвимость SUSE-SU-2022:3935-1