Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.2:Update
patchinfo.5942
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.5942
<patchinfo incident="5942"> <issue id="986566" tracker="bnc">VUL-0: CVE-2016-5844: bsdtar,libarchive: undefined behaviour (integer overflow) in iso parser</issue> <issue id="1005070" tracker="bnc">VUL-0: CVE-2016-8687: bsdtar, libarchive: Buffer overflow printing a filename</issue> <issue id="1005072" tracker="bnc">VUL-0: CVE-2016-8689: libarchive: Heap overflow reading corrupted 7Zip files</issue> <issue id="989980" tracker="bnc">VUL-1: CVE-2016-6250: libarchive: Integer overflow when verifying filename size when writing ISO9660 archives</issue> <issue id="998677" tracker="bnc">VUL-0: CVE-2016-5418: libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite</issue> <issue id="1005076" tracker="bnc">VUL-0: CVE-2016-8688: libarchive: Use after free because of incorrect calculation in next_line</issue> <issue id="2016-6250" tracker="cve" /> <issue id="2016-8689" tracker="cve" /> <issue id="2016-8688" tracker="cve" /> <issue id="2016-8687" tracker="cve" /> <issue id="2016-5844" tracker="cve" /> <issue id="2016-5418" tracker="cve" /> <issue id="2015-2304" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>adrianSuSE</packager> <description> This update for libarchive fixes several issues. These security issues were fixed: - CVE-2016-8687: Buffer overflow when printing a filename (bsc#1005070). - CVE-2016-8689: Heap overflow when reading corrupted 7Zip files (bsc#1005072). - CVE-2016-8688: Use after free because of incorrect calculation in next_line (bsc#1005076). - CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service (application crash) via a crafted ISO file (bsc#986566). - CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow (bsc#989980). - CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file (bsc#998677). This update was imported from the SUSE:SLE-12:Update update project.</description> <summary>Security update for libarchive</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
