[SECURITY] Fedora 18 Update: mingw-libarchive-3.0.4-4.fc18

updates at fedoraproject.org updates at fedoraproject.org
Mon Apr 8 00:22:17 UTC 2013


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-4592
2013-03-30 21:02:34
--------------------------------------------------------------------------------

Name        : mingw-libarchive
Product     : Fedora 18
Version     : 3.0.4
Release     : 4.fc18
URL         : http://libarchive.github.com/
Summary     : MinGW package for handling streaming archive formats
Description :
Libarchive is a programming library that can create and read several different
streaming archive formats, including most popular tar variants, several cpio
formats, and both BSD and GNU ar variants. It can also write shar archives and
read ISO9660 CDROM images and ZIP archives.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 29 2013 Michael Cronenworth <mike at cchtml.com> - 3.0.4-4
- Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #902998 - CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems
        https://bugzilla.redhat.com/show_bug.cgi?id=902998
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mingw-libarchive' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list