File _patchinfo of Package patchinfo.9092

<patchinfo incident="9092">
  <category>security</category>
  <rating>moderate</rating>
  <issue tracker="bnc" id="1059134">VUL-1: CVE-2017-14502: bsdtar,libarchive: read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffersfrom an off-by-one error for UTF-16 names in RAR archives, leading to anout-of-bounds read in archive_read_format_rar_re</issue>
  <issue tracker="bnc" id="1059100">VUL-0: CVE-2017-14503: libarchive: libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none()in archive_read_support_format_lha.c when extracting a specially crafted lhaarchive, related to lha_crc16.</issue>
  <issue tracker="bnc" id="1059139">VUL-1: CVE-2017-14501: bsdtar,libarchive: An out-of-bounds read flaw exists in parse_file_info inarchive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting aspecially crafted iso9660 iso file, related toarchive_read_format</issue>
  <issue tracker="cve" id="2017-14503"/>
  <issue tracker="cve" id="2017-14502"/>
  <issue tracker="cve" id="2017-14501"/>
  <packager>msmeissn</packager>
  <summary>Security update for libarchive</summary>
  <description>
This update for libarchive fixes the following issues:

- CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139)
- CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134)
- CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100)

  </description>
</patchinfo>