Vulnerabilities leading to a buffer overflow when processing specially crafted RAR archives have been reported in the Libarchive library, which provides functions for working with various archive and compressed formats. The vulnerabilities are in the execute_filter_audio (CVE-2024-48957) and execute_filter_delta (CVE-2024-48958) functions and are caused by the lack of a check that the "src" block may overlap "dst" in corrupted archives.
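The kind of check the paragraph above describes, shown as an added example on a simplified model of a delta-style filter that reads and writes inside one work buffer. This is not libarchive's code: `WORK_SIZE`, `delta_filter_checked`, `run_sample` and the buffer layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORK_SIZE 64u /* hypothetical size of the shared work buffer */

/*
 * Simplified delta-style filter (a model for illustration, not libarchive code).
 * Encoded bytes are read from mem[0 .. length) and decoded bytes are written
 * to mem[length .. 2*length). length and channels stand for untrusted values
 * taken from the archive. Returns 1 on success, 0 when the input is rejected.
 */
int delta_filter_checked(uint8_t *mem, uint32_t length, uint32_t channels)
{
    if (length > WORK_SIZE / 2 || channels == 0)
        return 0;
    const uint8_t *src = mem;
    uint8_t *dst = mem + length;

    /* Channels >= length never enter the inner loop, so stop at length. */
    for (uint32_t ch = 0; ch < channels && ch < length; ch++) {
        uint8_t last = 0;
        /* idx += channels can wrap around for very large channel counts,
         * which would let the loop consume more than length source bytes. */
        for (uint32_t idx = ch; idx < length; idx += channels) {
            if (src >= dst)      /* read pointer reached the output block */
                return 0;
            last = (uint8_t)(last - *src++);
            dst[idx] = last;
        }
    }
    return 1;
}

/* Decode a constructed 8-byte block; returns the filter's status. */
int run_sample(uint32_t channels, uint8_t out[8])
{
    uint8_t mem[WORK_SIZE] = {0};
    const uint8_t encoded[8] = {1, 1, 1, 1, 2, 2, 2, 2}; /* constructed sample */
    memcpy(mem, encoded, sizeof encoded);
    int ok = delta_filter_checked(mem, 8, channels);
    memcpy(out, mem + 8, 8);
    return ok;
}

int main(void)
{
    uint8_t out[8];
    printf("2 channels: %d\n", run_sample(2, out));
    printf("0xFFFFFFFF channels: %d\n", run_sample(0xFFFFFFFFu, out));
}
```

Without the `src >= dst` test, the second call in this model would keep reading past the encoded block into the region it is writing to.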
The vulnerabilities are fixed in Libarchive 3.7.5, which also fixes more than a dozen bugs leading to buffer overruns, access to already freed memory, or integer overflows when processing files in the cpio, lzop, rpm, zip, uu, and rar formats. The fixes are marked as security issues, but without CVE identifiers. It is not yet clear whether these problems can be exploited to achieve code execution when processing specially crafted files.
Libarchive is used as a dependency of many well-known packages, such as smbclient, flatpak, appstream, libappimage, dpdk, cmake, rpm, nix, pacman, elfutils, unrar, claws-mail, ark, epiphany, evince, vagrant, vlc, mpv, dvf, system, and gvf, as well as the GNOME archive manager. You can follow the release of updates on the following pages: Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch, FreeBSD.
Source: opennet.ru
