ALT-BU-2022-7426-1
Branch c9f2 update bulletin.
Package libarchive updated to version 3.6.1-alt2 for branch c9f2 in task 311214.
Closed vulnerabilities
BDU:2021-03887
Уязвимость функции do_uncompress_block and process_block библиотеки libarchive, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01463
Уязвимость библиотеки архивирования libarchive, связанная с отслеживанием символьных ссылок, позволяющая нарушителю повысить свои привилегии
BDU:2022-01464
Уязвимость библиотеки архивирования libarchive, связанная с отслеживанием символьных ссылок, позволяющая нарушителю повысить свои привилегии
BDU:2022-01973
Уязвимость реализации функции zipx_lzma_alone_init() библиотеки архивирования libarchive, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2022-07496
Уязвимость функции calloc() библиотеки архивирования libarchive, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-23177
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.
- https://access.redhat.com/security/cve/CVE-2021-23177
- https://access.redhat.com/security/cve/CVE-2021-23177
- https://bugzilla.redhat.com/show_bug.cgi?id=2024245
- https://bugzilla.redhat.com/show_bug.cgi?id=2024245
- https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
- https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
- https://github.com/libarchive/libarchive/issues/1565
- https://github.com/libarchive/libarchive/issues/1565
- [debian-lts-announce] 20221122 [SECURITY] [DLA 3202-1] libarchive security update
- [debian-lts-announce] 20221122 [SECURITY] [DLA 3202-1] libarchive security update
Modified: 2024-11-21
CVE-2021-31566
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
- https://access.redhat.com/security/cve/CVE-2021-31566
- https://access.redhat.com/security/cve/CVE-2021-31566
- https://bugzilla.redhat.com/show_bug.cgi?id=2024237
- https://bugzilla.redhat.com/show_bug.cgi?id=2024237
- https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043
- https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043
- https://github.com/libarchive/libarchive/issues/1566
- https://github.com/libarchive/libarchive/issues/1566
- [debian-lts-announce] 20221122 [SECURITY] [DLA 3202-1] libarchive security update
- [debian-lts-announce] 20221122 [SECURITY] [DLA 3202-1] libarchive security update
Modified: 2024-11-21
CVE-2021-36976
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
- 20220314 APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4
- 20220314 APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4
- 20220314 APPLE-SA-2022-03-14-2 watchOS 8.5
- 20220314 APPLE-SA-2022-03-14-2 watchOS 8.5
- 20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3
- 20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
- FEDORA-2022-9bb794c5f5
- FEDORA-2022-9bb794c5f5
- GLSA-202208-26
- GLSA-202208-26
- https://support.apple.com/kb/HT213182
- https://support.apple.com/kb/HT213182
- https://support.apple.com/kb/HT213183
- https://support.apple.com/kb/HT213183
- https://support.apple.com/kb/HT213193
- https://support.apple.com/kb/HT213193
Modified: 2024-11-21
CVE-2022-26280
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
Modified: 2024-11-21
CVE-2022-36227
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
- https://bugs.gentoo.org/882521
- https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215
- https://github.com/libarchive/libarchive/issues/1754
- [debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update
- FEDORA-2022-e15be0091f
- GLSA-202309-14
- https://bugs.gentoo.org/882521
- GLSA-202309-14
- FEDORA-2022-e15be0091f
- [debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update
- https://github.com/libarchive/libarchive/issues/1754
- https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215