update: libarchive #1544

dongsupark · 2024-09-20T09:59:01Z

Name: libarchive
CVEs: CVE-2024-26256, CVE-2024-48957, CVE-2024-48958
CVSSs: 7.8, 7.8, 7.8
Action Needed: update to >= 3.7.5

Summary:

CVE-2024-26256: libarchive Remote Code Execution Vulnerability.
CVE-2024-48957: execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
CVE-2024-48958: execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

refmap.gentoo: https://bugs.gentoo.org/939800

dongsupark · 2024-10-14T11:14:00Z

dongsupark · 2024-10-16T14:49:00Z

dongsupark added security security concerns advisory security advisory cvss/HIGH > 7 && < 9 assessed CVSS labels Sep 20, 2024

dongsupark added this to Flatcar tactical, release planning, and roadmap Sep 20, 2024

github-project-automation bot moved this to 📝 Needs Triage in Flatcar tactical, release planning, and roadmap Sep 20, 2024

dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Sep 20, 2024

github-actions bot mentioned this issue Sep 22, 2024

Monthly contributions report 2024-08-22 - 2024-09-21 #1547

Closed

krnowak mentioned this issue Oct 15, 2024

Weekly portage-stable package updates 2024-10-07 flatcar/scripts#2364

Merged

2 tasks

dongsupark closed this as completed Oct 16, 2024

github-project-automation bot moved this from 🪵Backlog to Implemented in Flatcar tactical, release planning, and roadmap Oct 16, 2024

github-actions bot mentioned this issue Oct 22, 2024

Monthly contributions report 2024-09-22 - 2024-10-21 #1568

Open

Provide feedback