Support Content Notification - Support Portal

USN-6805-1: libarchive vulnerability

Product/Component

Notification Id

24749

Last Updated

22 August 2024

Initial Publication Date

22 August 2024

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

WorkAround

Affected CVE

CVE-2024-26256

Severity

medium

Vendor

VMware Tanzu

Versions Affected

Cflinuxfs4
Canonical Ubuntu 22.04

Description

It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-6805-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libarchive-dev - 3.6.0-1ubuntu1.1 libarchive-tools - 3.6.0-1ubuntu1.1 libarchive13 - 3.6.0-1ubuntu1.1 No subscription required.

Fixed VMware Products and Versions

Cflinuxfs4

1.99.0 or greater

Jammy Stemcells

1.486 or greater

References

https://ubuntu.com/security/notices/USN-6805-1

https://www.cloudfoundry.org/blog/usn-6805-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6805-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24749

History

2024-06-04: Initial vulnerability report published.