======================================================================

                              CERT-Renater

                   Note d'Information No. 2024/VULN280
_____________________________________________________________________

DATE                : 06/06/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Libarchive versions prior to
                                             3.7.4.

=====================================================================
https://github.com/libarchive/libarchive/releases/tag/v3.7.4
_____________________________________________________________________


Libarchive 3.7.4 Latest
@mmatuska mmatuska released this 26 Apr 10:03
· 51 commits to master since this release
v3.7.4
313aa1f

Libarchive 3.7.4 is a bugfix and security release

Security fixes:

     rar: Fix OOB in rar e8 filter (#2135) (CVE-2024-26256)
     zip: Fix out of boundary access (#2145)

Important bugfixes:

     7zip: Limit amount of properties (#2131)
     bsdtar: Fix error handling around strtol() usages (#2110)
     passphrase: Improve newline handling on Windows (#2115)
     passphrase: Never allow empty passwords (#2116)
     rar: Fix "File CRC Error" when extracting specific rar4 archives
                 (#2124)
     xar: Avoid infinite link loop (#2123)
     zip: Update AppleDouble support for directories (#2108)
     zstd: Implement core detection (#2083, #2071)

Thanks to all contributors and bug reporters!


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================