Vulnerabilities have been identified in the Libarchive library, which provides functions for working with various archive and compressed-file formats. They lead to a buffer overflow when processing specially crafted archives in the RAR format. The vulnerabilities are in the execute_filter_audio (CVE-2024-48957) and execute_filter_delta (CVE-2024-48958) functions and are caused by the lack of a check for whether the "src" block can overlap the "dst" block in corrupted archives.
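The kind of check described above, as an added sketch (not libarchive's code and not its actual patch): a simplified delta filter that rejects archive-supplied offsets when either block leaves the working buffer or when the "src" and "dst" blocks overlap. The function names, the buffer size and the demo data are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VM_MEM_SIZE 0x40000u /* assumed size of the filter's working memory */

/* 1 if [off, off+len) lies inside a buffer of `size` bytes (no wraparound). */
static int region_in_bounds(size_t off, size_t len, size_t size)
{
    return off <= size && len <= size - off;
}

/* 1 if [a, a+len) and [b, b+len) share at least one byte. */
static int regions_overlap(size_t a, size_t b, size_t len)
{
    if (len == 0)
        return 0;
    return a < b ? (b - a < len) : (a - b < len);
}

/* Delta-decode `len` bytes of `channels` interleaved channels from
 * mem[src_off..] into mem[dst_off..]. All four values are untrusted.
 * Returns 0 on success, -1 if the parameters are rejected. */
int delta_filter_checked(uint8_t *mem, size_t src_off, size_t dst_off,
                         size_t len, unsigned channels)
{
    if (channels == 0 ||
        !region_in_bounds(src_off, len, VM_MEM_SIZE) ||
        !region_in_bounds(dst_off, len, VM_MEM_SIZE) ||
        regions_overlap(src_off, dst_off, len))
        return -1; /* without these checks the loop leaves the buffer */

    const uint8_t *src = mem + src_off;
    uint8_t *dst = mem + dst_off;
    for (unsigned c = 0; c < channels; c++) {
        uint8_t last = 0;
        for (size_t i = c; i < len; i += channels)
            dst[i] = last = (uint8_t)(last - *src++);
    }
    return 0;
}

/* Constructed demo: mem[i] = i & 0xff; returns last decoded byte or -1. */
int demo(size_t src_off, size_t dst_off, size_t len, unsigned channels)
{
    static uint8_t mem[VM_MEM_SIZE];
    for (size_t i = 0; i < VM_MEM_SIZE; i++)
        mem[i] = (uint8_t)i;
    if (len == 0 || delta_filter_checked(mem, src_off, dst_off, len, channels))
        return -1;
    return mem[dst_off + len - 1];
}

int main(void)
{
    printf("valid: %d, overlapping: %d\n", demo(1, 0x100, 4, 2), demo(0, 2, 4, 1));
    return 0;
}
```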
The vulnerabilities are fixed in the Libarchive 3.7.5 release, which also fixes ten bugs that lead to buffer overruns, access to freed memory, or integer overflows when processing files in the cpio, lzop, rpm, zip, uu and rar formats. These fixes are marked as security issues, but no CVE identifiers have been assigned to them. It is not yet clear whether these issues can be used to achieve code execution when processing crafted files.
Libarchive is used as a dependency in popular packages, for example smbclient, flatpak, appstream, libappimage, dpdk, cmake, rpm, nix, pacman, elfutils, unrar, claws-mail, ark, epiphany, evince, vagrant, vlc, mpv, gvfs, fwupd, systemd (optional) and file-roller (the archive manager in GNOME). You can check the availability of updates in distributions on the following pages: Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch, FreeBSD.
Source: opennet.ru
