ALAS-2024-742


Amazon Linux 2023 Security Advisory: ALAS-2024-742
Advisory Release Date: 2024-10-24 22:53 Pacific
Advisory Updated Date: 2024-10-31 16:00 Pacific
Severity: Important

Issue Overview:

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. (CVE-2024-48957)

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. (CVE-2024-48958)


Affected Packages:

libarchive


Issue Correction:
Run dnf update libarchive --releasever 2023.6.20241028 to update your system.

New Packages:
aarch64:
    libarchive-debuginfo-3.7.4-2.amzn2023.0.2.aarch64
    bsdunzip-3.7.4-2.amzn2023.0.2.aarch64
    bsdtar-3.7.4-2.amzn2023.0.2.aarch64
    libarchive-devel-3.7.4-2.amzn2023.0.2.aarch64
    libarchive-debugsource-3.7.4-2.amzn2023.0.2.aarch64
    bsdunzip-debuginfo-3.7.4-2.amzn2023.0.2.aarch64
    bsdcpio-debuginfo-3.7.4-2.amzn2023.0.2.aarch64
    bsdcpio-3.7.4-2.amzn2023.0.2.aarch64
    bsdtar-debuginfo-3.7.4-2.amzn2023.0.2.aarch64
    bsdcat-3.7.4-2.amzn2023.0.2.aarch64
    bsdcat-debuginfo-3.7.4-2.amzn2023.0.2.aarch64
    libarchive-3.7.4-2.amzn2023.0.2.aarch64

src:
    libarchive-3.7.4-2.amzn2023.0.2.src

x86_64:
    bsdunzip-debuginfo-3.7.4-2.amzn2023.0.2.x86_64
    libarchive-debugsource-3.7.4-2.amzn2023.0.2.x86_64
    bsdtar-3.7.4-2.amzn2023.0.2.x86_64
    libarchive-3.7.4-2.amzn2023.0.2.x86_64
    bsdcpio-3.7.4-2.amzn2023.0.2.x86_64
    libarchive-devel-3.7.4-2.amzn2023.0.2.x86_64
    bsdtar-debuginfo-3.7.4-2.amzn2023.0.2.x86_64
    bsdunzip-3.7.4-2.amzn2023.0.2.x86_64
    libarchive-debuginfo-3.7.4-2.amzn2023.0.2.x86_64
    bsdcpio-debuginfo-3.7.4-2.amzn2023.0.2.x86_64
    bsdcat-debuginfo-3.7.4-2.amzn2023.0.2.x86_64
    bsdcat-3.7.4-2.amzn2023.0.2.x86_64
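
Added example (not part of the original advisory): a post-update check that flags libarchive packages still below the fixed build. The fixed packages listed above carry version 3.7.4, lower than the upstream 3.7.5 named in the CVE text, so the check compares the full version-release string rather than the upstream version. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed build for Amazon Linux 2023, taken from the advisory's "New Packages" list.
FIXED_EVR="3.7.4-2.amzn2023.0.2"

# evr_lt A B: succeed when A sorts strictly before B.
# Assumption: GNU `sort -V` approximates rpm's version comparison, which is
# adequate for the plain version-release strings used here (no epoch).
evr_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_libarchive: read "name version-release" lines on stdin and report
# each runtime package from the advisory's list as VULNERABLE or PATCHED.
check_libarchive() {
    while read -r name evr; do
        case "$name" in
            libarchive|libarchive-devel|bsdtar|bsdcpio|bsdcat|bsdunzip)
                if evr_lt "$evr" "$FIXED_EVR"; then
                    echo "VULNERABLE $name $evr"
                else
                    echo "PATCHED $name $evr"
                fi ;;
        esac
    done
}

# Constructed sample inventory (not output from a real host).
sample_inventory() {
    cat <<'EOF'
libarchive 3.7.4-1.amzn2023.0.1
bsdtar 3.7.4-2.amzn2023.0.2
openssl 3.0.8-1.amzn2023.0.14
EOF
}

# On a live host, feed the real package database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_libarchive
sample_inventory | check_libarchive
```

Long-running processes that loaded the old shared library keep using it until they are restarted, so a PATCHED result covers the files on disk only.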