Описание
Security update for libarchive
This update for libarchive fixes the following issues:
- CVE-2021-31566: Fixed vulnerability where libarchive modifies file flags of symlink target (bsc#1192426)
- Fixed issue where processing fixup entries may follow symbolic links (bsc#1192427).
Список пакетов
Image SLES15-SP4-Manager-Server-4-3
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-SAP
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-SAP-Azure
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-SAP-EC2
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-SAP-GCE
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-SAPCAL
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-SAPCAL-Azure
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-SAPCAL-EC2
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-SAPCAL-GCE
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP5-SAP-Azure
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP5-SAP-EC2
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP5-SAP-GCE
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP5-SAPCAL-Azure
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP5-SAPCAL-EC2
libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP5-SAPCAL-GCE
libarchive13-3.5.1-150400.3.9.1
SUSE Linux Enterprise Micro 5.3
libarchive13-3.5.1-150400.3.9.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
libarchive-devel-3.5.1-150400.3.9.1
libarchive13-3.5.1-150400.3.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP4
bsdtar-3.5.1-150400.3.9.1
openSUSE Leap 15.4
bsdtar-3.5.1-150400.3.9.1
libarchive-devel-3.5.1-150400.3.9.1
libarchive13-3.5.1-150400.3.9.1
libarchive13-32bit-3.5.1-150400.3.9.1
Ссылки
- Link for SUSE-SU-2022:3936-1
- E-Mail link for SUSE-SU-2022:3936-1
- SUSE Security Ratings
- SUSE Bug 1192426
- SUSE Bug 1192427
- SUSE CVE CVE-2021-31566 page
Описание
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
Затронутые продукты
Image SLES15-SP4-Manager-Server-4-3-Azure-llc:libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:libarchive13-3.5.1-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:libarchive13-3.5.1-150400.3.9.1
Ссылки
- CVE-2021-31566
- SUSE Bug 1192426