Slackware users need to update libarchive to version 3.8.7 because new security packages have just arrived for the 15.0 release and current branch. The release addresses critical vulnerabilities like heap buffer overflows on 32-bit systems found within the CAB and iso9660 modules. You can grab the updated files from the OSU Open Source Lab or find additional mirrors near you via the main website. Simply run upgradepkg as root after downloading to ensure your system remains secure against potential exploits.

libarchive (SSA:2026-103-01)

libarchive (SSA:2026-103-01)

libarchive (SSA:2026-103-01)

New libarchive packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/libarchive-3.8.7-i586-1_slack15.0.txz: Upgraded.
Libarchive 3.8.7 is a security and bugfix release.
Notable fixes:
CAB: fix NULL pointer dereference during skip (#2900)
CAB: Fix Heap OOB Write in CAB LZX decoder (#2919)
cpio: various fixes and improvements (#2899, #2908, #2910, #2939)
contrib/untar: fix out-of-bounds read (#2903)
iso9660: fix undefined behavior (#2897)
iso9660: fix posibble heap buffer overflow on 32-bit systems (#2934)
libarchive: fix handling of option failures (#2871)
libarchive: do not continue with truncated numbers (#2911)
libarchive: lzop and grzip filter support (#2947)
RAR: fix LZSS window size mismatch after PPMd block (#2898)
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libarchive-3.8.7-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libarchive-3.8.7-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libarchive-3.8.7-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libarchive-3.8.7-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
7876af266a94cbedca91db264fb5bdf7 libarchive-3.8.7-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
89184aa36a2741523781e2b57645ca01 libarchive-3.8.7-x86_64-1_slack15.0.txz

Slackware -current package:
d8c225f39d6a48bfbb8bd8a7b50e4c89 l/libarchive-3.8.7-i686-1.txz

Slackware x86_64 -current package:
9914a5e0ae8dc66d688031ed48f26b14 l/libarchive-3.8.7-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libarchive-3.8.7-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key