Synopsis: Moderate: libarchive security update Advisory ID: SLSA-2019:2298-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-1000878 CVE-2017-14503 CVE-2019-1000020 CVE-2019-1000019 CVE-2018-1000877 -- Security Fix(es): * libarchive: Double free in RAR decoder resulting in a denial of service (CVE-2018-1000877) * libarchive: Use after free in RAR decoder resulting in a denial of service (CVE-2018-1000878) * libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service (CVE-2019-1000019) * libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service (CVE-2019-1000020) * libarchive: Out-of-bounds read in lha_read_data_none (CVE-2017-14503) -- SL7 x86_64 libarchive-3.1.2-12.el7.x86_64.rpm libarchive-3.1.2-12.el7.i686.rpm libarchive-devel-3.1.2-12.el7.i686.rpm bsdcpio-3.1.2-12.el7.x86_64.rpm bsdtar-3.1.2-12.el7.x86_64.rpm libarchive-devel-3.1.2-12.el7.x86_64.rpm libarchive-debuginfo-3.1.2-12.el7.i686.rpm libarchive-debuginfo-3.1.2-12.el7.x86_64.rpm - Scientific Linux Development Team