ALAS2022-2022-201

An out-of-bounds read flaw was found in libarchive. This flaw allows an attacker who can supply a specially crafted zip file to libarchive to cause an out-of-bounds read in programs linked with libarchive, using the LZMA zip functionality. The consequences depend on the specific program linked with libarchive. Still, they would most likely result in an application crash or information disclosure that could be used in conjunction with another exploit. (CVE-2022-26280)

aarch64:
    bsdcpio-debuginfo-3.5.3-2.amzn2022.0.1.aarch64
    libarchive-debugsource-3.5.3-2.amzn2022.0.1.aarch64
    bsdtar-3.5.3-2.amzn2022.0.1.aarch64
    bsdcat-debuginfo-3.5.3-2.amzn2022.0.1.aarch64
    bsdtar-debuginfo-3.5.3-2.amzn2022.0.1.aarch64
    bsdcat-3.5.3-2.amzn2022.0.1.aarch64
    libarchive-debuginfo-3.5.3-2.amzn2022.0.1.aarch64
    bsdcpio-3.5.3-2.amzn2022.0.1.aarch64
    libarchive-3.5.3-2.amzn2022.0.1.aarch64
    libarchive-devel-3.5.3-2.amzn2022.0.1.aarch64

i686:
    libarchive-debuginfo-3.5.3-2.amzn2022.0.1.i686
    libarchive-debugsource-3.5.3-2.amzn2022.0.1.i686
    libarchive-devel-3.5.3-2.amzn2022.0.1.i686
    libarchive-3.5.3-2.amzn2022.0.1.i686
    bsdtar-debuginfo-3.5.3-2.amzn2022.0.1.i686
    bsdtar-3.5.3-2.amzn2022.0.1.i686
    bsdcpio-3.5.3-2.amzn2022.0.1.i686
    bsdcpio-debuginfo-3.5.3-2.amzn2022.0.1.i686
    bsdcat-3.5.3-2.amzn2022.0.1.i686
    bsdcat-debuginfo-3.5.3-2.amzn2022.0.1.i686

src:
    libarchive-3.5.3-2.amzn2022.0.1.src

x86_64:
    libarchive-debuginfo-3.5.3-2.amzn2022.0.1.x86_64
    libarchive-devel-3.5.3-2.amzn2022.0.1.x86_64
    libarchive-debugsource-3.5.3-2.amzn2022.0.1.x86_64
    bsdtar-debuginfo-3.5.3-2.amzn2022.0.1.x86_64
    bsdcpio-3.5.3-2.amzn2022.0.1.x86_64
    bsdcat-3.5.3-2.amzn2022.0.1.x86_64
    bsdcpio-debuginfo-3.5.3-2.amzn2022.0.1.x86_64
    libarchive-3.5.3-2.amzn2022.0.1.x86_64
    bsdcat-debuginfo-3.5.3-2.amzn2022.0.1.x86_64
    bsdtar-3.5.3-2.amzn2022.0.1.x86_64