Forum › Forums › Official Releases › antiX-17 “Heather Heyer” › HELP please re:libarchive version security bug
- This topic has 2 replies, 2 voices, and was last updated Nov 15-8:32 am by stevesr0.
-
AuthorPosts
-
November 15, 2019 at 6:40 am #29372Member
stevesr0
I heard that there is a bug in versions of libarchive that warrants updating to version 3.4.0 (CVE-2019-18408). I am running antix 17 with libarchive3 installed, with a version level of 3.2.2. I don’t see version 3.4.0 available as an alternative.
I also understand that Debian has updated to version 3.4.
I just attempted to update by installing from the libarchive.org github site. Configure completed without complaint,but make generated errors in make make ch and make install (see below).
MAKE:
“Makefile:6561: recipe for target ‘libarchive/archive_read_support_filter_gzip.lo’ failed
make[1]: *** [libarchive/archive_read_support_filter_gzip.lo] Error 1
make[1]: Leaving directory ‘/home/stevesr0/Downloads/libarchive-3.4.0’
Makefile:3773: recipe for target ‘all’ failed
make: *** [all] Error 2”Make ch:
$ make ch
make: *** No rule to make target ‘ch’. Stop.Make install:
libarchive/archive_read_support_filter_gzip.c:247:11: error: dereferencing pointer to incomplete type ‘struct private_data’
if (state->mtime != 0)
^~
At top level:
libarchive/archive_read_support_filter_gzip.c:240:1: warning: ‘gzip_read_header’ defined but not used [-Wunused-function]
gzip_read_header(struct archive_read_filter *self, struct archive_entry *entry)
^~~~~~~~~~~~~~~~
Makefile:6561: recipe for target ‘libarchive/archive_read_support_filter_gzip.lo’ failed
make[1]: *** [libarchive/archive_read_support_filter_gzip.lo] Error 1
make[1]: Leaving directory ‘/home/stevesr0/Downloads/libarchive-3.4.0’
Makefile:14897: recipe for target ‘install’ failed
make: *** [install] Error 2I don’t know if these errors are significant (the new version is not installed and/or the old version has been mucked with).
I have sought enlightenment from the github site and internet search, but haven’t found anything helpful.
Comments appreciated.
I will also recheck whether things are working after reboot.
stevesr0
- This topic was modified 3 weeks, 2 days ago by stevesr0.
November 15, 2019 at 6:46 am #29373Forum Adminanticapitalista
It seems there is already a security fix version in Debian stretch
Philosophers have interpreted the world in many ways; the point is to change it.
November 15, 2019 at 8:32 am #29379Memberstevesr0
Hi anticapitalista,
Thanks for reply. That does seem to address the CVEs of concern.
I already had that one installed, so my work was unnecessary.
stevesr0
-
AuthorPosts
- You must be logged in to reply to this topic.