Vulnerability in libarchive < 3.0.0 may allow remote code execution
https://bugzilla.redhat.com/show\_bug.cgi?id=705849
Patches included in report above do not apply cleanly to 2.8.5.
Solution:
- Upgrade to v3.0.2
(from redmine: issue id 900, created on 2012-01-06, closed on 2012-01-16)
- Changesets:
- Revision 7b5d3b5c by Natanael Copa on 2012-01-10T13:00:32Z:
main/libarchive: security upgrade to 3.0.2
CVE-2010-4666
CVE-2011-1777
CVE-2011-1778
CVE-2011-1779)
fixes #900