SUSE-SU-2016:1939-1

Published: 02 Aug 2016
Source: suse-cvrf

Description

Security update for bsdtar

bsdtar was updated to fix seven security issues.

These security issues were fixed:

  • CVE-2015-8929: Memory leak in tar parser (bsc#985669).
  • CVE-2016-4809: Memory allocation error with symbolic links in cpio archives (bsc#984990).
  • CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).
  • CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).
  • CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).
  • CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).
  • CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870).

Package list

SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP4:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libarchive-devel-2.5.5-9.1
SUSE Manager 2.1:libarchive2-2.5.5-9.1
SUSE Manager Proxy 2.1:libarchive2-2.5.5-9.1
SUSE OpenStack Cloud 5:libarchive2-2.5.5-9.1
SUSE Studio Onsite 1.3:libarchive-devel-2.5.5-9.1

Description

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
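A name check of the kind the bsdcpio fix described above applies, as an added example (not libarchive's or bsdcpio's own code): it refuses absolute entry names and any '..' component before extraction, then confirms the joined target still lies under the destination directory. The entry names and destination path are constructed for illustration.

```python
import posixpath
from typing import Optional

# Constructed sample entry names, shaped like cpio/tar member names.
# They are illustrative and not taken from any real archive.
SAMPLE_ENTRIES = [
    "etc/motd",             # ordinary relative path
    "./var/tmp/x",          # relative with a leading "./"
    "/etc/passwd",          # absolute path
    "../../../etc/passwd",  # parent-directory escape
    "a/b/../../../x",       # escape hidden behind a normal prefix
    "a/../b",               # '..' that seems to stay inside the tree
    "",                     # empty name
]

def check_entry_name(name: str) -> Optional[str]:
    """Return None if `name` may be extracted relative to a destination
    directory, otherwise a short reason for refusing it. Absolute names
    are refused under the same policy as names with a '..' component,
    which is what the advisory describes for bsdcpio's input mode."""
    if not name:
        return "empty name"
    if "\x00" in name:
        return "embedded NUL"
    if name.startswith("/"):
        return "absolute path"
    # Split before any normalisation: normalising 'a/b/../../../x' first
    # would hide the escape. Empty ('//') and '.' components are ignored.
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if ".." in parts:
        # Even 'a/../b' is refused: if 'a' is a symlink, '..' resolves
        # relative to the link target, outside the destination tree.
        return "'..' component"
    return None

def safe_extract_target(dest_root: str, name: str) -> Optional[str]:
    """Join a checked entry name onto dest_root and confirm the result
    still lies under dest_root; None means the entry must be skipped."""
    if check_entry_name(name) is not None:
        return None
    root = posixpath.normpath(dest_root)
    prefix = root if root.endswith("/") else root + "/"
    target = posixpath.normpath(posixpath.join(root, name))
    if target != root and not target.startswith(prefix):
        return None
    return target
```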

Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1

Description

The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted CAB file, related to "overlapping memcpy."

Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1

Description

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1

Description

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1

Description

The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1

Description

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1

Description

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP2-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:libarchive2-2.5.5-9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:libarchive2-2.5.5-9.1
