ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2024.258.01
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2024-258-01)
Resumen:	The remote host is missing an update for the 'libarchive' package(s) announced via the SSA:2024-258-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libarchive' package(s) announced via the SSA:2024-258-01 advisory. Vulnerability Insight: New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/libarchive-3.7.5-i586-1_slack15.0.txz: Upgraded. This update fixes the following security issues: fix multiple vulnerabilities identified by SAST (#2251, #2256) cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258) lzop: prevent integer overflow (#2174) rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696) rar4: fix CVE-2024-26256 (#2269) rar4: fix OOB in delta and audio filter (#2148, #2149) rar4: fix out of boundary access with large files (#2179) rar4: add boundary checks to rgb filter (#2210) rar4: fix OOB access with unicode filenames (#2203) rar5: clear 'data ready' cache on window buffer reallocs (#2265) rpm: calculate huge header sizes correctly (#2158) unzip: unify EOF handling (#2175) util: fix out of boundary access in mktemp functions (#2160) uu: stop processing if lines are too long (#2168) For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'libarchive' package(s) on Slackware 15.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-20696 https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/ https://github.com/clearbluejar/CVE-2024-20696 Windows Libarchive Remote Code Execution Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696 Common Vulnerability Exposure (CVE) ID: CVE-2024-26256 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TWAMR5TY47UKVYMWQXB34CWSBNTRYMBV/ http://www.openwall.com/lists/oss-security/2024/06/04/2 http://www.openwall.com/lists/oss-security/2024/06/05/1 https://github.com/LeSuisse/nixpkgs/commit/81b82a2934521dffef76f7ca305d8d4e22fe7262 https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch https://github.com/libarchive/libarchive/releases/tag/v3.7.4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWANFZ6NEMXFCALXWI2AFKYBOLONAVFC/ https://www.openwall.com/lists/oss-security/2024/06/04/2 libarchive Remote Code Execution Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.