Description
Recommended update for libarchive
This update for libarchive fixes the following issues:
libarchive was updated to version 3.3.3
- Avoid super-linear slowdown on malformed mtree files
- Many fixes for building with Visual Studio
- NO_OVERWRITE doesn't change existing directory attributes
- New support for Zstandard read and write filters
- Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503
- Needed by Firefox91 (bsc#1188891)
Package list
Image SLES15-SP1-SAPCAL-Azure
Image SLES15-SP1-SAPCAL-EC2-HVM
Image SLES15-SP1-SAPCAL-GCE
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
Links
- Link for SUSE-RU-2021:2757-1
- E-Mail link for SUSE-RU-2021:2757-1
- SUSE Security Ratings
- SUSE Bug 1188891
- SUSE CVE CVE-2017-14166 page
- SUSE CVE CVE-2017-14501 page
- SUSE CVE CVE-2017-14502 page
- SUSE CVE CVE-2017-14503 page
- SUSE CVE CVE-2019-18408 page
Description
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
Affected products
Links
- CVE-2017-14166
- SUSE Bug 1057514
Description
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
Affected products
Links
- CVE-2017-14501
- SUSE Bug 1059139
Description
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
Affected products
Links
- CVE-2017-14502
- SUSE Bug 1059134
Description
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
Affected products
Links
- CVE-2017-14503
- SUSE Bug 1059100
Description
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
Affected products
Links
- CVE-2019-18408
- SUSE Bug 1155079