Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0060)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0060

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0060)

Resumen: The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2022-0060 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2022-0060 advisory.

Vulnerability Insight:
Processing fixup entries may follow symbolic links. (CVE-2021-31566)

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called
from do_uncompress_block and process_block). (CVE-2021-36976)

Affected Software/OS:
'libarchive' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-31566
https://access.redhat.com/security/cve/CVE-2021-31566
https://bugzilla.redhat.com/show_bug.cgi?id=2024237
https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043
https://github.com/libarchive/libarchive/issues/1566
https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-36976
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SE5NJQNM22ZE5Z55LPAGCUHSBQZBKMKC/
http://seclists.org/fulldisclosure/2022/Mar/27
http://seclists.org/fulldisclosure/2022/Mar/28
http://seclists.org/fulldisclosure/2022/Mar/29
https://security.gentoo.org/glsa/202208-26
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0060
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0060)
Resumen:	The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2022-0060 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libarchive' package(s) announced via the MGASA-2022-0060 advisory. Vulnerability Insight: Processing fixup entries may follow symbolic links. (CVE-2021-31566) libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). (CVE-2021-36976) Affected Software/OS: 'libarchive' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-31566 https://bugzilla.redhat.com/show_bug.cgi?id=2024237 https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 https://github.com/libarchive/libarchive/issues/1566 https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html Common Vulnerability Exposure (CVE) ID: CVE-2021-36976 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SE5NJQNM22ZE5Z55LPAGCUHSBQZBKMKC/ http://seclists.org/fulldisclosure/2022/Mar/27 http://seclists.org/fulldisclosure/2022/Mar/28 http://seclists.org/fulldisclosure/2022/Mar/29 https://security.gentoo.org/glsa/202208-26 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
Copyright	Copyright (C) 2022 Greenbone AG