Ausführen beliebiger Kommandos in libarchive
ID: | FEDORA-2019-71b2273a9f |
Distribution: | Fedora |
Plattformen: | Fedora 30 |
Datum: | Mi, 1. April 2020, 07:33 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408 |
Applikationen: | libarchive |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-71b2273a9f 2020-04-01 02:35:47.694450 -------------------------------------------------------------------------------- Name : libarchive Product : Fedora 30 Version : 3.3.3 Release : 7.fc30 URL : http://www.libarchive.org/ Summary : A library for handling streaming archive formats Description : Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2019-18408 RAR reader: fix use after free If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed to continue with next archive headers. We need to set rar->start_new_table after the ppmd7_context got freed, otherwise it won't be allocated again. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 18 2019 Ondrej Dubaj |