Описание
Security update for libarchive
This update for libarchive fixes the following issues:
- CVE-2021-36976: Fixed an invalid memory access that could cause data corruption (bsc#1188572).
Non-security updates:
- Updated references for CVE-2017-5601, which was already fixed in a previous version (bsc#1022528 bsc#1189528).
Список пакетов
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-EC2-HVM
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-SAP-Azure
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-SAP-EC2-HVM
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-SAP-GCE
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-SAPCAL-Azure
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-SAPCAL-GCE
libarchive13-3.4.2-150200.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
libarchive-devel-3.4.2-150200.4.3.1
libarchive13-3.4.2-150200.4.3.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
bsdtar-3.4.2-150200.4.3.1
SUSE Linux Enterprise Real Time 15 SP2
bsdtar-3.4.2-150200.4.3.1
libarchive-devel-3.4.2-150200.4.3.1
libarchive13-3.4.2-150200.4.3.1
Ссылки
- Link for SUSE-SU-2022:0944-1
- E-Mail link for SUSE-SU-2022:0944-1
- SUSE Security Ratings
- SUSE Bug 1022528
- SUSE Bug 1188572
- SUSE Bug 1189528
- SUSE CVE CVE-2017-5601 page
- SUSE CVE CVE-2021-36976 page
Описание
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure:libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM:libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE:libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-EC2-HVM:libarchive13-3.4.2-150200.4.3.1
Ссылки
- CVE-2017-5601
- SUSE Bug 1022528
- SUSE Bug 1189528
Описание
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
Затронутые продукты
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure:libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM:libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE:libarchive13-3.4.2-150200.4.3.1
Image SLES15-SP3-EC2-HVM:libarchive13-3.4.2-150200.4.3.1
Ссылки
- CVE-2021-36976
- SUSE Bug 1188572