MGASA-2013-0119
Date: April 18th, 2013
Affected releases: 2
Media: Core
Description:
Updated libarchive packages fix security vulnerability:
Fabian Yamaguchi reported a read buffer overflow flaw in libarchive
on 64-bit systems where sizeof(size_t) is equal to 8.
In the archive_write_zip_data() function in
libarchive/archive_write_set_format_zip.c, the "s" parameter is of type size_t
(64 bit, unsigned) and is cast to a 64 bit signed integer. If "s"
is larger than MAX_INT, it will not be set to "zip->remaining_data_bytes"
even though it is larger than "zip->remaining_data_bytes", which leads
to a buffer overflow when calling deflate(). This can lead to a segfault
in an application that uses libarchive to create ZIP archives
(CVE-2013-0211).
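The comparison described above, as an added C illustration (not libarchive's code and not the upstream patch). struct zip_state and both clamp functions are hypothetical names; only "s" and remaining_data_bytes come from the advisory. It assumes a 64-bit size_t and a compiler where an out-of-range unsigned-to-signed conversion wraps, as GCC and Clang do.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the ZIP writer state; only this field is named in the advisory. */
struct zip_state {
    int64_t remaining_data_bytes;
};

/* Clamp as the advisory describes it: "s" is cast to signed 64-bit first.
 * For s > INT64_MAX the cast yields a negative value on GCC/Clang, so the
 * comparison is false and the oversized length is returned unchanged. */
static size_t clamp_signed_cast(const struct zip_state *zip, size_t s)
{
    if ((int64_t)s > zip->remaining_data_bytes)
        s = (size_t)zip->remaining_data_bytes;
    return s;
}

/* Hardened variant: reject a non-positive budget, then compare as unsigned
 * so no value of s can appear smaller than the remaining byte count. */
static size_t clamp_unsigned(const struct zip_state *zip, size_t s)
{
    if (zip->remaining_data_bytes <= 0)
        return 0;
    if ((uint64_t)s > (uint64_t)zip->remaining_data_bytes)
        s = (size_t)zip->remaining_data_bytes;
    return s;
}

int main(void)
{
    struct zip_state zip = { 100 };            /* constructed: 100 bytes left in the entry */
    size_t lengths[] = { 50, 4096, SIZE_MAX }; /* constructed request sizes */

    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("s=%zu signed-cast=%zu unsigned=%zu\n", lengths[i],
               clamp_signed_cast(&zip, lengths[i]),
               clamp_unsigned(&zip, lengths[i]));
    return 0;
}
```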
Updated Packages:
i586:
bsdcpio-3.0.3-1.1.mga2.i586.rpm
bsdtar-3.0.3-1.1.mga2.i586.rpm
libarchive12-3.0.3-1.1.mga2.i586.rpm
libarchive-devel-3.0.3-1.1.mga2.i586.rpm
libarchive-debug-3.0.3-1.1.mga2.i586.rpm
x86_64:
bsdcpio-3.0.3-1.1.mga2.x86_64.rpm
bsdtar-3.0.3-1.1.mga2.x86_64.rpm
lib64archive12-3.0.3-1.1.mga2.x86_64.rpm
lib64archive-devel-3.0.3-1.1.mga2.x86_64.rpm
libarchive-debug-3.0.3-1.1.mga2.x86_64.rpm
SRPMS:
libarchive-3.0.3-1.1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html
https://bugs.mageia.org/show_bug.cgi?id=9671