ISN 2024-16: Libarchive Vulnerability
First published 20 June 2024
CVSS 3.1: 7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been found in Libarchive, a library used in IGEL OS for compressing and decompressing files. This affects the following IGEL products:
IGEL OS 12
IGEL OS 11
Details
Libarchive contains a heap-based buffer overflow that can lead to remote code execution (RCE). It is tracked as CVE-2024-26256 and rated high.
Update Instructions
OS 12: Update to base system version 12.4.2 or newer.
OS 11: Update to IGEL OS 11.10.150 or newer.
References
CVE-2024-26256: https://www.cve.org/CVERecord?id=CVE-2024-26256