An update for libarchive is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1742 Final 1.0 1.0 2022-07-08 Initial 2022-07-08 2022-07-08 openEuler SA Tool V1.0 2022-07-08 libarchive security update An update for libarchive is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. libarchive is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats,including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use libarchive. Security Fix(es): Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.(CVE-2022-26280) An update for libarchive is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical libarchive https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1742 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-26280 https://nvd.nist.gov/vuln/detail/CVE-2022-26280 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS libarchive-3.4.3-5.oe1.aarch64.rpm libarchive-debuginfo-3.4.3-5.oe1.aarch64.rpm libarchive-devel-3.4.3-5.oe1.aarch64.rpm libarchive-debugsource-3.4.3-5.oe1.aarch64.rpm libarchive-devel-3.4.3-5.oe1.aarch64.rpm libarchive-debuginfo-3.4.3-5.oe1.aarch64.rpm libarchive-debugsource-3.4.3-5.oe1.aarch64.rpm libarchive-3.4.3-5.oe1.aarch64.rpm bsdcat-3.5.2-4.oe2203.aarch64.rpm libarchive-debugsource-3.5.2-4.oe2203.aarch64.rpm bsdcpio-3.5.2-4.oe2203.aarch64.rpm libarchive-devel-3.5.2-4.oe2203.aarch64.rpm libarchive-3.5.2-4.oe2203.aarch64.rpm bsdtar-3.5.2-4.oe2203.aarch64.rpm libarchive-debuginfo-3.5.2-4.oe2203.aarch64.rpm libarchive-help-3.4.3-5.oe1.noarch.rpm libarchive-help-3.4.3-5.oe1.noarch.rpm libarchive-help-3.5.2-4.oe2203.noarch.rpm libarchive-3.4.3-5.oe1.src.rpm libarchive-3.4.3-5.oe1.src.rpm libarchive-3.5.2-4.oe2203.src.rpm libarchive-debugsource-3.4.3-5.oe1.x86_64.rpm libarchive-devel-3.4.3-5.oe1.x86_64.rpm libarchive-3.4.3-5.oe1.x86_64.rpm libarchive-debuginfo-3.4.3-5.oe1.x86_64.rpm libarchive-debugsource-3.4.3-5.oe1.x86_64.rpm libarchive-debuginfo-3.4.3-5.oe1.x86_64.rpm libarchive-3.4.3-5.oe1.x86_64.rpm libarchive-devel-3.4.3-5.oe1.x86_64.rpm libarchive-debugsource-3.5.2-4.oe2203.x86_64.rpm libarchive-debuginfo-3.5.2-4.oe2203.x86_64.rpm bsdcpio-3.5.2-4.oe2203.x86_64.rpm libarchive-3.5.2-4.oe2203.x86_64.rpm bsdtar-3.5.2-4.oe2203.x86_64.rpm libarchive-devel-3.5.2-4.oe2203.x86_64.rpm bsdcat-3.5.2-4.oe2203.x86_64.rpm Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. 2022-07-08 CVE-2022-26280 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H libarchive security update 2022-07-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1742