{"id":"MGASA-2018-0361","summary":"Updated libarchive packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nAn out-of-bounds read flaw exists in parse_file_info in \narchive_read_support_format_iso9660.c in libarchive 3.3.2 when\nextracting a specially crafted iso9660 iso file, related to\narchive_read_format_iso9660_read_header (CVE-2017-14501).\n\nlibarchive 3.3.2 suffers from an out-of-bounds read within\nlha_read_data_none() in archive_read_support_format_lha.c when\nextracting a specially crafted lha archive, related to lha_crc16\n(CVE-2017-14503).\n","modified":"2026-01-30T19:10:12.189859Z","published":"2018-08-31T21:11:59Z","related":["CVE-2017-14501","CVE-2017-14503"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0361.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23437"},{"type":"REPORT","url":"https://usn.ubuntu.com/3736-1/"}],"affected":[{"package":{"name":"libarchive","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libarchive?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.1-1.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0361.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}