An update for libarchive is now available for openEuler-24.03-LTS

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2024-2286
Status: Final
Version: 1.0
Revision history: 1.0, 2024-10-18, Initial
Initial release date: 2024-10-18
Current release date: 2024-10-18
Generator: openEuler SA Tool V1.0, 2024-10-18

Synopsis: libarchive security update

Description:
Libarchive is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use libarchive.

Security Fix(es):

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. (CVE-2024-48957)

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. (CVE-2024-48958)

Topic:
An update for libarchive is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: High
Affected component: libarchive

References:
  https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2286
  https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-48957
  https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-48958
  https://nvd.nist.gov/vuln/detail/CVE-2024-48957
  https://nvd.nist.gov/vuln/detail/CVE-2024-48958

Product: openEuler-24.03-LTS

Packages (aarch64):
  bsdcat-3.7.1-5.oe2403.aarch64.rpm
  bsdcpio-3.7.1-5.oe2403.aarch64.rpm
  bsdtar-3.7.1-5.oe2403.aarch64.rpm
  bsdunzip-3.7.1-5.oe2403.aarch64.rpm
  libarchive-3.7.1-5.oe2403.aarch64.rpm
  libarchive-debuginfo-3.7.1-5.oe2403.aarch64.rpm
  libarchive-debugsource-3.7.1-5.oe2403.aarch64.rpm
  libarchive-devel-3.7.1-5.oe2403.aarch64.rpm

Packages (x86_64):
  bsdcat-3.7.1-5.oe2403.x86_64.rpm
  bsdcpio-3.7.1-5.oe2403.x86_64.rpm
  bsdtar-3.7.1-5.oe2403.x86_64.rpm
  bsdunzip-3.7.1-5.oe2403.x86_64.rpm
  libarchive-3.7.1-5.oe2403.x86_64.rpm
  libarchive-debuginfo-3.7.1-5.oe2403.x86_64.rpm
  libarchive-debugsource-3.7.1-5.oe2403.x86_64.rpm
  libarchive-devel-3.7.1-5.oe2403.x86_64.rpm

Packages (src):
  libarchive-3.7.1-5.oe2403.src.rpm

Packages (noarch):
  libarchive-help-3.7.1-5.oe2403.noarch.rpm

Vulnerability: CVE-2024-48957
  Description: execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
  Release date: 2024-10-18
  Affected product: openEuler-24.03-LTS
  Impact: High
  CVSS base score: 7.8
  CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  Remediation: libarchive security update, 2024-10-18
  Remediation URL: https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2286

Vulnerability: CVE-2024-48958
  Description: execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
  Release date: 2024-10-18
  Affected product: openEuler-24.03-LTS
  Impact: High
  CVSS base score: 7.8
  CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  Remediation: libarchive security update, 2024-10-18
  Remediation URL: https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2286