libarchive: Multiple vulnerabilities — GLSA 201710-19

Multiple vulnerabilities have been found in libarchive, the worst of which could lead to a Denial of Service condition.

Affected Packages

app-arch/libarchive on all architectures
Affected versions < 3.3.0
Unaffected versions >= 3.3.0

Background

libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants.

Description

Multiple vulnerabilities have been discovered in libarchive. Please review the referenced CVE identifiers for details.

Impact

A remote attacker, via a specially crafted file, could possibly cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All libarchive users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.3.0"
 

References

Release Date
October 18, 2017

Latest Revision
October 18, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries