Amazon Linux 2022 Security Advisory: ALAS-2022-103
Advisory Release Date: 2022-06-29 00:03 Pacific
Advisory Updated Date: 2022-07-19 19:43 Pacific
Severity:
Medium
Issue Overview:
An out-of-bounds read flaw was found in libarchive. This flaw allows an attacker who can supply a specially crafted zip file to libarchive to cause an out-of-bounds read in programs linked with libarchive, using the LZMA zip functionality. The consequences depend on the specific program linked with libarchive. Still, they would most likely result in an application crash or information disclosure that could be used in conjunction with another exploit. (CVE-2022-26280)
Affected Packages:
libarchive
Issue Correction:
Run dnf update --releasever=2022.0.20220628 libarchive to update your system.
New Packages:
aarch64:
libarchive-3.5.3-2.amzn2022.aarch64
bsdcpio-debuginfo-3.5.3-2.amzn2022.aarch64
libarchive-debugsource-3.5.3-2.amzn2022.aarch64
bsdtar-debuginfo-3.5.3-2.amzn2022.aarch64
libarchive-debuginfo-3.5.3-2.amzn2022.aarch64
bsdcat-3.5.3-2.amzn2022.aarch64
bsdcat-debuginfo-3.5.3-2.amzn2022.aarch64
bsdcpio-3.5.3-2.amzn2022.aarch64
bsdtar-3.5.3-2.amzn2022.aarch64
libarchive-devel-3.5.3-2.amzn2022.aarch64
src:
libarchive-3.5.3-2.amzn2022.src
x86_64:
bsdcpio-debuginfo-3.5.3-2.amzn2022.x86_64
bsdtar-debuginfo-3.5.3-2.amzn2022.x86_64
libarchive-debugsource-3.5.3-2.amzn2022.x86_64
libarchive-debuginfo-3.5.3-2.amzn2022.x86_64
bsdcpio-3.5.3-2.amzn2022.x86_64
bsdcat-3.5.3-2.amzn2022.x86_64
bsdcat-debuginfo-3.5.3-2.amzn2022.x86_64
bsdtar-3.5.3-2.amzn2022.x86_64
libarchive-3.5.3-2.amzn2022.x86_64
libarchive-devel-3.5.3-2.amzn2022.x86_64