Описание
Security update for libarchive
This update for libarchive fixes the following issues:
- CVE-2021-36976: Fixed an invalid memory access that could cause data corruption (bsc#1188572).
Non-security updates:
- Updated references for CVE-2017-5601, which was already fixed in a previous version (bsc#1022528 bsc#1189528).
Список пакетов
openSUSE Leap 15.3
bsdtar-3.4.2-150200.4.3.1
libarchive-devel-3.4.2-150200.4.3.1
libarchive13-3.4.2-150200.4.3.1
libarchive13-32bit-3.4.2-150200.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2022:0944-1
- SUSE Security Ratings
- SUSE Bug 1022528
- SUSE Bug 1188572
- SUSE Bug 1189528
- SUSE CVE CVE-2017-5601 page
- SUSE CVE CVE-2021-36976 page
Описание
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
Затронутые продукты
openSUSE Leap 15.3:bsdtar-3.4.2-150200.4.3.1
openSUSE Leap 15.3:libarchive-devel-3.4.2-150200.4.3.1
openSUSE Leap 15.3:libarchive13-3.4.2-150200.4.3.1
openSUSE Leap 15.3:libarchive13-32bit-3.4.2-150200.4.3.1
Ссылки
- CVE-2017-5601
- SUSE Bug 1022528
- SUSE Bug 1189528
Описание
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
Затронутые продукты
openSUSE Leap 15.3:bsdtar-3.4.2-150200.4.3.1
openSUSE Leap 15.3:libarchive-devel-3.4.2-150200.4.3.1
openSUSE Leap 15.3:libarchive13-3.4.2-150200.4.3.1
openSUSE Leap 15.3:libarchive13-32bit-3.4.2-150200.4.3.1
Ссылки
- CVE-2021-36976
- SUSE Bug 1188572