virus logo FortiClient Vulnerability

Security Vulnerabilities fixed in libarchive RHSA-2022:0892

description-logoDescription

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): libarchive: extracting a symlink with ACLs modifies ACLs of target (CVE-2021-23177) libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive (CVE-2021-31566) libarchive: extracting a symlink with ACLs modifies ACLs of target (CVE-2021-23177) libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive (CVE-2021-31566) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258

affected-products-logoAffected Applications

libarchive

CVE References

CVE-2021-31566 CVE-2021-23177

Other References

https://access.redhat.com/errata/RHSA-2022:0892
ID 71892
Created Mar 19, 2022
Description
Updated		 Dec 20, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor RedHat
Patch auto
Application libarchive