Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:1909-1

Опубликовано: 29 июл. 2016
Источник: suse-cvrf

Описание

Security update for libarchive

libarchive was updated to fix 20 security issues.

These security issues were fixed:

  • CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).
  • CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).
  • CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).
  • CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).
  • CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).
  • CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).
  • CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).
  • CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).
  • CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).
  • CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).
  • CVE-2015-8929: Memory leak in tar parser (bsc#985669).
  • CVE-2015-8930: Endless loop in ISO parser (bsc#985700).
  • CVE-2015-8931: Undefined behavior / signed integer overflow in mtree parser (bsc#985689).
  • CVE-2015-8932: Compress handler left shifting larger than int size (bsc#985665).
  • CVE-2015-8933: Undefined behavior / signed integer overflow in TAR parser (bsc#985688).
  • CVE-2015-8934: Out of bounds read in RAR (bsc#985673).
  • CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo (bsc#985832).
  • CVE-2016-4301: Stack buffer overflow in the mtree parse_device (bsc#985826).
  • CVE-2016-4302: Heap buffer overflow in the Rar decompression functionality (bsc#985835).
  • CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1
libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libarchive-devel-3.1.2-22.1

Ссылки

Описание

The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки

Описание

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libarchive13-3.1.2-22.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libarchive-devel-3.1.2-22.1
Ссылки