{"id":"OESA-2022-1494","summary":"libarchive security update","details":"is an open-source BSD-licensed C programming library that  provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution  also includes bsdtar and bsdcpio, full-featured implementations of  tar and cpio that use .\r\n\r\nSecurity Fix(es):\r\n\r\nIncorrect link resolution flaws can occur when extracting archives, resulting in changes to the mode, time, access control list, and flags of files outside the archive. An attacker could deliver malicious archives to victim users, triggering this vulnerability when they attempt to extract the archives. A local attacker could exploit this vulnerability to gain additional privileges on the system.(CVE-2021-31566)\r\n\r\nIncorrect link resolution flaws when using ACLs to extract symbolic links can lead to changes to the access control list (ACL) of the link target. An attacker could deliver malicious archives to victim users, triggering this vulnerability when they attempt to extract the archives. A local attacker could exploit this vulnerability to change the ACL of a file on the system and gain more permissions.(CVE-2021-23177)","modified":"2025-09-03T06:17:17.415250Z","published":"2022-01-22T11:03:28Z","upstream":["CVE-2021-23177","CVE-2021-31566"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1494"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31566"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23177"}],"affected":[{"package":{"name":"libarchive","ecosystem":"openEuler:20.03-LTS-SP1","purl":"pkg:rpm/openEuler/libarchive&distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.3-4.oe1"}]}],"ecosystem_specific":{"noarch":["libarchive-help-3.4.3-4.oe1.noarch.rpm"],"src":["libarchive-3.4.3-4.oe1.src.rpm"],"x86_64":["libarchive-debuginfo-3.4.3-4.oe1.x86_64.rpm","libarchive-3.4.3-4.oe1.x86_64.rpm","libarchive-debugsource-3.4.3-4.oe1.x86_64.rpm","libarchive-devel-3.4.3-4.oe1.x86_64.rpm"],"aarch64":["libarchive-debuginfo-3.4.3-4.oe1.aarch64.rpm","libarchive-debugsource-3.4.3-4.oe1.aarch64.rpm","libarchive-devel-3.4.3-4.oe1.aarch64.rpm","libarchive-3.4.3-4.oe1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2022-1494.json"}},{"package":{"name":"libarchive","ecosystem":"openEuler:20.03-LTS-SP2","purl":"pkg:rpm/openEuler/libarchive&distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.3-4.oe1"}]}],"ecosystem_specific":{"noarch":["libarchive-help-3.4.3-4.oe1.noarch.rpm"],"src":["libarchive-3.4.3-4.oe1.src.rpm"],"x86_64":["libarchive-debugsource-3.4.3-4.oe1.x86_64.rpm","libarchive-3.4.3-4.oe1.x86_64.rpm","libarchive-debuginfo-3.4.3-4.oe1.x86_64.rpm","libarchive-devel-3.4.3-4.oe1.x86_64.rpm"],"aarch64":["libarchive-debuginfo-3.4.3-4.oe1.aarch64.rpm","libarchive-devel-3.4.3-4.oe1.aarch64.rpm","libarchive-debugsource-3.4.3-4.oe1.aarch64.rpm","libarchive-3.4.3-4.oe1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2022-1494.json"}},{"package":{"name":"libarchive","ecosystem":"openEuler:20.03-LTS-SP3","purl":"pkg:rpm/openEuler/libarchive&distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.3-4.oe1"}]}],"ecosystem_specific":{"noarch":["libarchive-help-3.4.3-4.oe1.noarch.rpm"],"src":["libarchive-3.4.3-4.oe1.src.rpm"],"x86_64":["libarchive-debuginfo-3.4.3-4.oe1.x86_64.rpm","libarchive-3.4.3-4.oe1.x86_64.rpm","libarchive-devel-3.4.3-4.oe1.x86_64.rpm","libarchive-debugsource-3.4.3-4.oe1.x86_64.rpm"],"aarch64":["libarchive-3.4.3-4.oe1.aarch64.rpm","libarchive-debugsource-3.4.3-4.oe1.aarch64.rpm","libarchive-devel-3.4.3-4.oe1.aarch64.rpm","libarchive-debuginfo-3.4.3-4.oe1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2022-1494.json"}}],"schema_version":"1.7.3"}