Security Advisory Details

NS-SA-2020-0109

2020-12-08 09:15:38

Summary

important: python-reportlab/libarchive security update

Severity

important

Topic

An update for python-reportlab/libarchive is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

python-reportlab: Python PDF generation library.
libarchive: Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives.


Security Fix(es):
python-reportlab: A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution. (CVE-2019-17626)
python-reportlab: bugfix
libarchive: A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of service or to potentially execute code. (CVE-2019-18408)
libarchive: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F9B3.
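The fixed package versions listed further down in this advisory can be compared against what a host actually has installed. The following script is an added example and not part of the advisory or of any CGSL tooling; it assumes the line format produced by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <names>` and runs over constructed sample output instead of a live query. Its version comparison is a simplified rpmvercmp (no epoch, tilde or caret handling), which is sufficient for the version strings in this advisory.

```python
import re
import subprocess

# Fixed "version-release" strings taken from the package list in this advisory.
FIXED = {
    "python-reportlab": "2.5-9.el7_7.1",
    "libarchive": "3.1.2-14.el7_7",
    "bsdtar": "3.1.2-14.el7_7",
    "bsdcpio": "3.1.2-14.el7_7",
}

_SEG = re.compile(r"(\d+|[a-zA-Z]+)")


def rpmvercmp(a, b):
    """Simplified rpmvercmp: split into numeric/alphabetic segments, ignoring
    separators such as '.' and '_'. Numeric segments compare as integers,
    alphabetic ones as strings, a numeric segment sorts newer than an
    alphabetic one, and a longer string wins when all shared segments match."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(installed, fixed):
    """Compare two 'version-release' strings: version first, then release.
    Returns <0 if installed is older than fixed, 0 if equal, >0 if newer."""
    iv, ir = installed.split("-", 1)
    fv, fr = fixed.split("-", 1)
    c = rpmvercmp(iv, fv)
    return c if c != 0 else rpmvercmp(ir, fr)


def check(rpm_lines):
    """rpm_lines: lines of the form 'name version-release' (assumed rpm -q output).
    Returns a dict name -> 'patched' | 'vulnerable' | 'not installed'."""
    installed = {}
    for line in rpm_lines:
        line = line.strip()
        # rpm prints 'package X is not installed' for missing packages.
        if not line or line.endswith("is not installed"):
            continue
        name, evr = line.split(maxsplit=1)
        installed[name] = evr
    result = {}
    for name, fixed in FIXED.items():
        if name not in installed:
            result[name] = "not installed"
        elif evr_cmp(installed[name], fixed) >= 0:
            result[name] = "patched"
        else:
            result[name] = "vulnerable"
    return result


def query_rpm(names):
    """Live query of the local RPM database (assumed query-format output)."""
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{NAME} %{VERSION}-%{RELEASE}\n", *names],
        capture_output=True, text=True,
    )
    return out.stdout.splitlines()


# Constructed sample output, not taken from a real host.
SAMPLE = [
    "python-reportlab 2.5-9.el7",
    "libarchive 3.1.2-14.el7_7",
    "package bsdtar is not installed",
    "bsdcpio 3.1.2-12.el7",
]

if __name__ == "__main__":
    # Replace SAMPLE with query_rpm(list(FIXED)) to check the local host.
    for name, status in check(SAMPLE).items():
        print(f"{name:18s} {status}")
```

A package reports as "patched" only when its installed version-release is equal to or newer than the one in this advisory, so a later rebuild of the same fix is not flagged.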

Affected Components

  • python-reportlab
  • libarchive

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Update Packages

CGSL MAIN 5.05

  • Source: python-reportlab-2.5-9.el7_7.1.src.rpm
    Binaries:
      • python-reportlab-2.5-9.el7_7.1.x86_64.rpm
      • python-reportlab-debuginfo-2.5-9.el7_7.1.x86_64.rpm
      • python-reportlab-docs-2.5-9.el7_7.1.x86_64.rpm
  • Source: libarchive-3.1.2-14.el7_7.src.rpm
    Binaries:
      • bsdcpio-3.1.2-14.el7_7.x86_64.rpm
      • bsdtar-3.1.2-14.el7_7.x86_64.rpm
      • libarchive-3.1.2-14.el7_7.x86_64.rpm
      • libarchive-debuginfo-3.1.2-14.el7_7.x86_64.rpm
      • libarchive-devel-3.1.2-14.el7_7.x86_64.rpm

CGSL CORE 5.05

  • Source: python-reportlab-2.5-9.el7_7.1.src.rpm
    Binaries:
      • python-reportlab-2.5-9.el7_7.1.x86_64.rpm
      • python-reportlab-debuginfo-2.5-9.el7_7.1.x86_64.rpm
      • python-reportlab-docs-2.5-9.el7_7.1.x86_64.rpm
  • Source: libarchive-3.1.2-14.el7_7.src.rpm
    Binaries:
      • bsdcpio-3.1.2-14.el7_7.x86_64.rpm
      • bsdtar-3.1.2-14.el7_7.x86_64.rpm
      • libarchive-3.1.2-14.el7_7.x86_64.rpm
      • libarchive-devel-3.1.2-14.el7_7.x86_64.rpm
      • libarchive-debuginfo-3.1.2-14.el7_7.x86_64.rpm

CVE

References