===================================================================
                                CERT-Renater

                     Note d'Information No. 2022/VULN148
______________________________________________________________________

DATE                : 12/04/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Libarchive versions prior to
                                         3.6.1.

=====================================================================
https://github.com/libarchive/libarchive/releases/tag/v3.6.1
_______________________________________________________________________

Libarchive 3.6.1 Latest
@mmatuska mmatuska released this


Libarchive 3.6.1 is a bugfix and security release.


Security fixes:

7zip reader: fix PPMD read beyond boundary (#1671)
ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
ISO reader: fix possible heap buffer overflow in read_children()
             (OSS-Fuzz 38764, #1685)
RARv4 redaer: fix multiple issues in RARv4 filter code (introduced
               in libarchive 3.6.0)
fix heap use after free in archive_read_format_rar_read_data()
             (OSS-Fuzz 44547, 52efa50)
fix null dereference in read_data_compressed() (OSS-Fuzz 44843,
              1271f77)
fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================