oss-sec mailing list archives

libarchive 3.7.8 fixed CVE-2024-57970, CVE-2025-1632, & CVE-2025-25724


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Fri, 18 Apr 2025 12:39:55 -0700

https://github.com/libarchive/libarchive/releases/tag/v3.7.8 says:

Libarchive 3.7.8 is a bugfix and security release

Security fixes:

 - tar reader: Handle truncation in the middle of a GNU long linkname
  (#2422, CVE-2024-57970)
 - unzip: fix null pointer dereference
  (#2532, CVE-2025-1632)
 - tar reader: fix unchecked return value in list_item_verbose()
  (#2532, CVE-2025-25724)

(Though 3.7.9 has since been released to fix a regression in libarchive 3.7.8
 regarding GNU sparse entries.)

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris

