Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Update
patchinfo.9133
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.9133
<patchinfo incident="9133"> <issue tracker="bnc" id="1059134">VUL-1: CVE-2017-14502: bsdtar,libarchive: read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffersfrom an off-by-one error for UTF-16 names in RAR archives, leading to anout-of-bounds read in archive_read_format_rar_re</issue> <issue tracker="bnc" id="1059100">VUL-0: CVE-2017-14503: libarchive: libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none()in archive_read_support_format_lha.c when extracting a specially crafted lhaarchive, related to lha_crc16.</issue> <issue tracker="bnc" id="1032089">VUL-1: CVE-2016-10209: libarchive: The archive_wstring_append_from_mbs function in archive_string.c in libarchive3.2.2 allows remote a...</issue> <issue tracker="bnc" id="1037008">VUL-1: CVE-2016-10349: libarchive: bsdtar: heap-based buffer overflow read (in archive_le32dec)</issue> <issue tracker="bnc" id="1059139">VUL-1: CVE-2017-14501: bsdtar,libarchive: An out-of-bounds read flaw exists in parse_file_info inarchive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting aspecially crafted iso9660 iso file, related toarchive_read_format</issue> <issue tracker="bnc" id="1057514">VUL-0: CVE-2017-14166: libarchive: libarchive 3.3.2 allows remote attackers to cause a denial of service via a crafted xar archive</issue> <issue tracker="bnc" id="1037009">VUL-1: CVE-2016-10350: libarchive: heap-based buffer overflow read in archive_read_format_cab_read_header</issue> <issue tracker="cve" id="2016-10209"/> <issue tracker="cve" id="2017-14166"/> <issue tracker="cve" id="2016-10349"/> <issue tracker="cve" id="2016-10350"/> <issue tracker="cve" id="2017-14503"/> <issue tracker="cve" id="2017-14502"/> <issue tracker="cve" id="2017-14501"/> <category>security</category> <rating>moderate</rating> <packager>adrianSuSE</packager> <description>This update for libarchive fixes the following issues: - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) This update was imported from the SUSE:SLE-12:Update update project.</description> <summary>Security update for libarchive</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor