Security Advisory Details

NS-SA-2022-0092

2022-11-09 12:33:35

Summary

moderate: libsolv/libarchive security update

Severity

moderate

Topic

An update for libsolv/libarchive is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libsolv: This package provides debug information for package ruby-solv. Debug information is useful when developing applications that use this package or when debugging this package.
libarchive: This package provides debug information for package bsdcat. Debug information is useful when developing applications that use this package or when debugging this package.


Security Fix(es):
libsolv: A flaw was found in libsolv. A buffer overflow in the pool_installable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-33928)
libsolv: A flaw was found in libsolv. A buffer overflow vulnerability in the pool_disabled_solvable function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-33929)
libsolv: A flaw was found in libsolv. A buffer overflow vulnerability in the pool_installable_whatprovides function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-33930)
libsolv: A flaw was found in libsolv. A buffer overflow vulnerability in the prune_to_recommend function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-33938)
libsolv: bugfix
libarchive: d_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (CVE-2017-14502)
libarchive: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.B0B9.

Affected Components

  • libsolv
  • libarchive

Affected Products

  • CGSL MAIN 6.02

Update Packages

{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["libsolv-0.7.16-3.el8_4.x86_64.rpm"],"source":"libsolv-0.7.16-3.el8_4.src.rpm"},{"binary":["libarchive-3.3.3-1.el8.x86_64.rpm"],"source":"libarchive-3.3.3-1.el8.src.rpm"}]}]}
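To check whether a host already carries the fixed builds, the record above can be compared against a package inventory. The following is an added example, not part of the advisory or NewStart tooling: the function names are hypothetical, the inventory is constructed sample data in `rpm -qa` form, and the version comparison is a simplified form of RPM ordering that ignores epochs, `~` and `^`.

```python
import json
import re

# Fixed-package record published in this advisory (copied from the page).
ADVISORY = json.loads('{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["libsolv-0.7.16-3.el8_4.x86_64.rpm"],"source":"libsolv-0.7.16-3.el8_4.src.rpm"},{"binary":["libarchive-3.3.3-1.el8.x86_64.rpm"],"source":"libarchive-3.3.3-1.el8.src.rpm"}]}]}')

# Constructed sample inventory in `rpm -qa` form; not taken from a real host.
SAMPLE_INSTALLED = ["libsolv-0.7.11-1.el8.x86_64",
                    "libarchive-3.3.3-1.el8.x86_64",
                    "bash-4.4.19-12.el8.x86_64"]

def split_nvra(pkg):
    """Split name-version-release.arch[.rpm] into (name, version, release)."""
    stem = pkg[:-4] if pkg.endswith(".rpm") else pkg
    nvr, _arch = stem.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def rpmvercmp(a, b):
    """Simplified RPM ordering: digit/letter segments; no epoch, '~' or '^'."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def fixed_versions(advisory):
    """Map package name -> (version, release) of the fixed build."""
    rpms = [r for e in advisory["fix"] for p in e["pkgs"] for r in p["binary"]]
    return {n: (v, rel) for n, v, rel in map(split_nvra, rpms)}

def is_patched(installed, fixed):
    """True/False for packages named in the advisory, None for unrelated ones."""
    name, version, release = split_nvra(installed)
    if name not in fixed:
        return None
    fver, frel = fixed[name]
    return (rpmvercmp(version, fver) or rpmvercmp(release, frel)) >= 0

def audit(installed_list, advisory=ADVISORY):
    fixed = fixed_versions(advisory)
    return {p: is_patched(p, fixed) for p in installed_list}

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE_INSTALLED).items():
        print(pkg, {True: "patched", False: "NEEDS UPDATE", None: "n/a"}[ok])
```

On a real host, `rpm -q libsolv libarchive` gives the installed builds to feed into `audit`.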

CVE

References