Description
Security update for libarchive
This update for libarchive fixes the following issues:
- CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139)
- CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134)
- CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100)
Package list
SUSE Linux Enterprise Module for Basesystem 15
libarchive-devel-3.3.2-3.3.2
libarchive13-3.3.2-3.3.2
SUSE Linux Enterprise Module for Development Tools 15
bsdtar-3.3.2-3.3.2
References
- Link for SUSE-SU-2018:3571-1
- E-Mail link for SUSE-SU-2018:3571-1
- SUSE Security Ratings
- SUSE Bug 1059100
- SUSE Bug 1059134
- SUSE Bug 1059139
- SUSE CVE CVE-2017-14501 page
- SUSE CVE CVE-2017-14502 page
- SUSE CVE CVE-2017-14503 page
Description
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
Affected products
SUSE Linux Enterprise Module for Basesystem 15:libarchive-devel-3.3.2-3.3.2
SUSE Linux Enterprise Module for Basesystem 15:libarchive13-3.3.2-3.3.2
SUSE Linux Enterprise Module for Development Tools 15:bsdtar-3.3.2-3.3.2
References
- CVE-2017-14501
- SUSE Bug 1059139
Description
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
Affected products
SUSE Linux Enterprise Module for Basesystem 15:libarchive-devel-3.3.2-3.3.2
SUSE Linux Enterprise Module for Basesystem 15:libarchive13-3.3.2-3.3.2
SUSE Linux Enterprise Module for Development Tools 15:bsdtar-3.3.2-3.3.2
References
- CVE-2017-14502
- SUSE Bug 1059134
Description
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
Affected products
SUSE Linux Enterprise Module for Basesystem 15:libarchive-devel-3.3.2-3.3.2
SUSE Linux Enterprise Module for Basesystem 15:libarchive13-3.3.2-3.3.2
SUSE Linux Enterprise Module for Development Tools 15:bsdtar-3.3.2-3.3.2
References
- CVE-2017-14503
- SUSE Bug 1059100