Overview

File _patchinfo of Package patchinfo.13055

<patchinfo incident="13055">
  <issue tracker="bnc" id="1120653">VUL-1: CVE-2018-1000877: libarchive: double free vulnerability in RAR decoder</issue>
  <issue tracker="bnc" id="1120654">VUL-1: CVE-2018-1000878: libarchive: Use After Free vulnerability in RAR decoder</issue>
  <issue tracker="bnc" id="1124341">VUL-1: CVE-2019-1000019: libarchive: Out-of-bounds Read vulnerability in 7zip decompression</issue>
  <issue tracker="bnc" id="1124342">VUL-1: CVE-2019-1000020: libarchive: Infinite Loop vulnerability in ISO9660 parser</issue>
  <issue tracker="bnc" id="1155079">VUL-1: CVE-2019-18408: libarchive: use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol</issue>
  <issue tracker="bnc" id="1059139">VUL-1: CVE-2017-14501: bsdtar,libarchive: An out-of-bounds read flaw exists in parse_file_info inarchive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting aspecially crafted iso9660 iso file, related toarchive_read_format</issue>
  <issue tracker="bnc" id="1037009">VUL-1: CVE-2016-10350: libarchive: heap-based buffer overflow read in archive_read_format_cab_read_header</issue>
  <issue tracker="bnc" id="1037008">VUL-1: CVE-2016-10349: libarchive: bsdtar: heap-based buffer overflow read (in archive_le32dec)</issue>
  <issue tracker="bnc" id="1059134">VUL-1: CVE-2017-14502: bsdtar,libarchive: read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffersfrom an off-by-one error for UTF-16 names in RAR archives, leading to anout-of-bounds read in archive_read_format_rar_re</issue>
  <issue tracker="bnc" id="1032089">VUL-1: CVE-2016-10209: libarchive: The archive_wstring_append_from_mbs function in archive_string.c in libarchive3.2.2 allows remote a...</issue>
  <issue tracker="cve" id="2018-1000877"/>
  <issue tracker="cve" id="2018-1000878"/>
  <issue tracker="cve" id="2019-1000019"/>
  <issue tracker="cve" id="2019-1000020"/>
  <issue tracker="cve" id="2019-18408"/>
  <issue tracker="cve" id="2017-14501"/>
  <issue tracker="cve" id="2016-10350"/>
  <issue tracker="cve" id="2016-10349"/>
  <issue tracker="cve" id="2017-14502"/>
  <issue tracker="cve" id="2016-10209"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>kbabioch</packager>
  <description>This update for libarchive fixes the following issues:

Security issues fixed:

- CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653).
- CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654).
- CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341).
- CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342).
- CVE-2019-18408: Fixed a use-after-free in RAR format support (bsc#1155079).
</description>
  <summary>Security update for libarchive</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places