Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] openSUSE-SU-2016:2036-1: important: Security update for libarchive

Recommended Posts

openSUSE Security Update: Security update for libarchive

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2016:2036-1

Rating: important

References: #984990 #985609 #985665 #985669 #985673 #985675

#985679 #985682 #985685 #985688 #985689 #985697

#985698 #985700 #985703 #985704 #985706 #985826

#985832 #985835

Cross-References: CVE-2015-8918 CVE-2015-8919 CVE-2015-8920

CVE-2015-8921 CVE-2015-8922 CVE-2015-8923

CVE-2015-8924 CVE-2015-8925 CVE-2015-8926

CVE-2015-8928 CVE-2015-8929 CVE-2015-8930

CVE-2015-8931 CVE-2015-8932 CVE-2015-8933

CVE-2015-8934 CVE-2016-4300 CVE-2016-4301

CVE-2016-4302 CVE-2016-4809

Affected Products:

openSUSE Leap 42.1

______________________________________________________________________________

 

An update that fixes 20 vulnerabilities is now available.

 

Description:

 

libarchive was updated to fix 20 security issues.

 

These security issues were fixed:

- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).

- CVE-2015-8919: Heap out of bounds read in LHA/LZH parser (bsc#985697).

- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).

- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).

- CVE-2015-8922: Null pointer access in 7z parser (bsc#985685).

- CVE-2015-8923: Unclear crashes in ZIP parser (bsc#985703).

- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).

- CVE-2015-8925: Unclear invalid memory read in mtree parser (bsc#985706).

- CVE-2015-8926: NULL pointer access in RAR parser (bsc#985704).

- CVE-2015-8928: Heap out of bounds read in mtree parser (bsc#985679).

- CVE-2015-8929: Memory leak in tar parser (bsc#985669).

- CVE-2015-8930: Endless loop in ISO parser (bsc#985700).

- CVE-2015-8931: Undefined behavior / signed integer overflow in mtree

parser (bsc#985689).

- CVE-2015-8932: Compress handler left shifting larger than int size

(bsc#985665).

- CVE-2015-8933: Undefined behavior / signed integer overflow in TAR

parser (bsc#985688).

- CVE-2015-8934: Out of bounds read in RAR (bsc#985673).

- CVE-2016-4300: Heap buffer overflow vulnerability in the 7zip

read_SubStreamsInfo (bsc#985832).

- CVE-2016-4301: Stack buffer overflow in the mtree parse_device

(bsc#985826).

- CVE-2016-4302: Heap buffer overflow in the Rar decompression

functionality (bsc#985835).

- CVE-2016-4809: Memory allocate error with symbolic links in cpio

archives (bsc#984990).

 

This update was imported from the SUSE:SLE-12:Update update project.

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE Leap 42.1:

 

zypper in -t patch openSUSE-2016-969=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE Leap 42.1 (i586 x86_64):

 

bsdtar-3.1.2-13.2

bsdtar-debuginfo-3.1.2-13.2

libarchive-debugsource-3.1.2-13.2

libarchive-devel-3.1.2-13.2

libarchive13-3.1.2-13.2

libarchive13-debuginfo-3.1.2-13.2

 

- openSUSE Leap 42.1 (x86_64):

 

libarchive13-32bit-3.1.2-13.2

libarchive13-debuginfo-32bit-3.1.2-13.2

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-8918.html

https://www.suse.com/security/cve/CVE-2015-8919.html

https://www.suse.com/security/cve/CVE-2015-8920.html

https://www.suse.com/security/cve/CVE-2015-8921.html

https://www.suse.com/security/cve/CVE-2015-8922.html

https://www.suse.com/security/cve/CVE-2015-8923.html

https://www.suse.com/security/cve/CVE-2015-8924.html

https://www.suse.com/security/cve/CVE-2015-8925.html

https://www.suse.com/security/cve/CVE-2015-8926.html

https://www.suse.com/security/cve/CVE-2015-8928.html

https://www.suse.com/security/cve/CVE-2015-8929.html

https://www.suse.com/security/cve/CVE-2015-8930.html

https://www.suse.com/security/cve/CVE-2015-8931.html

https://www.suse.com/security/cve/CVE-2015-8932.html

https://www.suse.com/security/cve/CVE-2015-8933.html

https://www.suse.com/security/cve/CVE-2015-8934.html

https://www.suse.com/security/cve/CVE-2016-4300.html

https://www.suse.com/security/cve/CVE-2016-4301.html

https://www.suse.com/security/cve/CVE-2016-4302.html

https://www.suse.com/security/cve/CVE-2016-4809.html

https://bugzilla.suse.com/984990

https://bugzilla.suse.com/985609

https://bugzilla.suse.com/985665

https://bugzilla.suse.com/985669

https://bugzilla.suse.com/985673

https://bugzilla.suse.com/985675

https://bugzilla.suse.com/985679

https://bugzilla.suse.com/985682

https://bugzilla.suse.com/985685

https://bugzilla.suse.com/985688

https://bugzilla.suse.com/985689

https://bugzilla.suse.com/985697

https://bugzilla.suse.com/985698

https://bugzilla.suse.com/985700

https://bugzilla.suse.com/985703

https://bugzilla.suse.com/985704

https://bugzilla.suse.com/985706

https://bugzilla.suse.com/985826

https://bugzilla.suse.com/985832

https://bugzilla.suse.com/985835

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×