PT-2020-8615 · Opensuse · Xar
Published: 2026-06-22 · Updated: 2026-06-23 · CVE-2018-17094
Severity: None (no severity ratings or metrics are available)
This update for xar fixes the following issues:
Changes in xar:
- Switch to the maintained Apple xar lineage (build 503, versioned 1.8.0.0.503): the mackyle 1.6.1 fork this package tracked has been dead since 2012, and Debian, Fedora and Gentoo all moved to Apple's xar (apple-oss-distributions/xar). This resolves the long-standing NULL-pointer dereferences in xar_get_path() and xar_unserialize() when parsing malformed archives:
  - CVE-2017-11124 (boo#1047875)
  - CVE-2017-11125 (boo#1047874)
  - CVE-2018-17093 (boo#1108595)
  - CVE-2018-17094 (boo#1108596)
Affected Products
Xar