openSUSE-SU-2018:3690-1

Published: 09 Nov 2018
Source: suse-cvrf

Description

Security update for libarchive

This update for libarchive fixes the following issues:

  • CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139)
  • CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134)
  • CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100)

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.0
bsdtar-3.3.2-lp150.2.3.1
libarchive-3.3.2-lp150.2.3.1
libarchive-devel-3.3.2-lp150.2.3.1
libarchive13-3.3.2-lp150.2.3.1
libarchive13-32bit-3.3.2-lp150.2.3.1

Description

An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.


Affected products
openSUSE Leap 15.0:bsdtar-3.3.2-lp150.2.3.1
openSUSE Leap 15.0:libarchive-3.3.2-lp150.2.3.1
openSUSE Leap 15.0:libarchive-devel-3.3.2-lp150.2.3.1
openSUSE Leap 15.0:libarchive13-3.3.2-lp150.2.3.1

Description

read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.


Affected products
openSUSE Leap 15.0:bsdtar-3.3.2-lp150.2.3.1
openSUSE Leap 15.0:libarchive-3.3.2-lp150.2.3.1
openSUSE Leap 15.0:libarchive-devel-3.3.2-lp150.2.3.1
openSUSE Leap 15.0:libarchive13-3.3.2-lp150.2.3.1

Description

libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.


Affected products
openSUSE Leap 15.0:bsdtar-3.3.2-lp150.2.3.1
openSUSE Leap 15.0:libarchive-3.3.2-lp150.2.3.1
openSUSE Leap 15.0:libarchive-devel-3.3.2-lp150.2.3.1
openSUSE Leap 15.0:libarchive13-3.3.2-lp150.2.3.1
