| Errata ID | 609 |
|---|---|
| Date | 2019-11-06 |
| Source package | libarchive |
| Fixed in version | 3.2.2-2+deb9u2 |
| Description | This update addresses the following issues: * archive_read_format_rar_read_data() in archive_read_support_format_rar.c has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. (CVE-2019-18408) * Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service (CVE-2019-1000019) * Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service (CVE-2019-1000020) |
| Additional notes | |
| CVE ID | CVE-2019-18408 CVE-2019-1000019 CVE-2019-1000020 |
| UCS Bug number | #50439 |
