#12199 closed enhancement (fixed)
libarchive-3.4.0
Reported by: | Douglas R. Reno | Owned by: | Xi Ruoyao |
---|---|---|---|
Priority: | high | Milestone: | 9.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New minor version
https://github.com/libarchive/libarchive/releases - look here, I was tipped off by Arch
Libarchive 3.4.0 is a feature and security release.

Feature highlights:

- Support for file and directory symlinks on Windows
- Read support for RAR 5.0 archives
- Read support for ZIPX archives with xz, lzma, ppmd8 and bzip2 compression
- Support for non-recursive list and extract
- New tar option: --exclude-vcs
- Improved file attribute support on Linux and file flags support on FreeBSD
- 64-bit ar format support

Important bugfixes:

- fix reading Android APK archives (#1055)
- fix problems related to unreadable directories (#1167)
- patches from OpenBSD to libarchive_fe/passphrase.c
- support extracting ACLs with in-entry comments (#1096)
- support extracting extattrs as non-root on non-user-writable files (#1023)
- a two-digit number of OSS-Fuzz issues was resolved in this release
- various resource leak, use-after-free and crash fixes

Thanks to all contributors and bug reporters for making libarchive such a great piece of software. Special thanks to @antekone for implementing RAR 5.0 reader and ZIPX decompression support.
https://github.com/libarchive/libarchive/issues/1216 - explanation as to why we can't find it
- CVE-2018-1000877: A double-free issue has been found in libarchive >= 3.1.0 and <= 3.3.3, in the parse_codes() function in archive_read_support_format_rar.c. An attacker can use a specially crafted RAR file to cause a call to realloc with a size of 0, effectively freeing the memory which will be freed again at a later time.
- CVE-2018-1000878: A use-after-free issue has been found in libarchive >= 3.1.0 and <= 3.3.3, in the archive_read_format_rar_read_header() function in archive_read_support_format_rar.c. An attacker can use a specially crafted RAR file to cause the vulnerable function to free the buffer and allocate a new one, causing the ppmd7 decoder to continue reading from and writing to the freed buffer.
- CVE-2018-1000879: A NULL-pointer dereference issue has been found in libarchive >= 3.3.0 and <= 3.3.3, in the archive_acl_from_text_l() function in archive_acl.c. An attacker can use a specially crafted archive file to cause a crash via a malformed ACL.
- CVE-2018-1000880: A resource consumption issue has been found in libarchive >= 3.2.0 and <= 3.3.3, in the _warc_read() function in archive_read_support_format_warc.c. An attacker can use a specially crafted WARC file to cause quasi-infinite run time and disk usage from a tiny file.
- CVE-2019-1000019: libarchive version >= v3.0.2 contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.
- CVE-2019-1000020: libarchive version >= v2.8.0 contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
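The realloc-with-size-0 pattern described for CVE-2018-1000877 above, seen from the defensive side, as an added example: this is not libarchive's code and not its actual fix, and `struct table`, `table_resize` and `table_free` are hypothetical names. The untrusted size is validated before `realloc` is reached, and the buffer has a single release point.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical owner of a resizable buffer (stand-in for a decoder table). */
struct table {
    unsigned char *data;
    size_t size;
};

enum { RESIZE_OK = 0, RESIZE_REJECTED = -1, RESIZE_NOMEM = -2 };
/*
 * Resize t->data to new_size bytes, where new_size comes from untrusted input.
 * realloc(p, 0) may free p, so an owner that later calls free(p) would free
 * it twice. A zero size is rejected before realloc is reached, and t->data
 * is only replaced after realloc has succeeded.
 */
int table_resize(struct table *t, size_t new_size)
{
    unsigned char *p;
    if (new_size == 0)
        return RESIZE_REJECTED;      /* old buffer untouched, still owned by t */
    p = realloc(t->data, new_size);
    if (p == NULL)
        return RESIZE_NOMEM;         /* old buffer still valid on failure */
    if (new_size > t->size)
        memset(p + t->size, 0, new_size - t->size);  /* no stale bytes */
    t->data = p;
    t->size = new_size;
    return RESIZE_OK;
}

/* Single release point; clearing the pointer makes a repeated call harmless. */
void table_free(struct table *t)
{
    free(t->data);
    t->data = NULL;
    t->size = 0;
}

int main(void)
{
    struct table t = { NULL, 0 };
    int first = table_resize(&t, 16);
    int zero = table_resize(&t, 0);  /* constructed "malformed" size */
    printf("resize(16)=%d resize(0)=%d size=%zu\n", first, zero, t.size);
    table_free(&t);
    return 0;
}
```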
Change History (3)
comment:1 by , 5 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 5 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at r21746.