Security update for libarchive SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:3005-1 Final 1 1 2016-12-05T08:51:21Z current 2016-12-05T08:51:21Z 2016-12-05T08:51:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libarchive This update for libarchive fixes several issues. These security issues were fixed: - CVE-2016-8687: Buffer overflow when printing a filename (bsc#1005070). - CVE-2016-8689: Heap overflow when reading corrupted 7Zip files (bsc#1005072). - CVE-2016-8688: Use after free because of incorrect calculation in next_line (bsc#1005076). - CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service (application crash) via a crafted ISO file (bsc#986566). - CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow (bsc#989980). - CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file (bsc#998677). This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-12/msg00030.html E-Mail link for openSUSE-SU-2016:3005-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 bsdtar-3.1.2-16.1 libarchive-3.1.2-16.1 libarchive-devel-3.1.2-16.1 libarchive13-3.1.2-16.1 libarchive13-32bit-3.1.2-16.1 bsdtar-3.1.2-16.1 as a component of openSUSE Leap 42.1 libarchive-3.1.2-16.1 as a component of openSUSE Leap 42.1 libarchive-devel-3.1.2-16.1 as a component of openSUSE Leap 42.1 libarchive13-3.1.2-16.1 as a component of openSUSE Leap 42.1 libarchive13-32bit-3.1.2-16.1 as a component of openSUSE Leap 42.1 Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. CVE-2015-2304 openSUSE Leap 42.1:bsdtar-3.1.2-16.1 openSUSE Leap 42.1:libarchive-3.1.2-16.1 openSUSE Leap 42.1:libarchive-devel-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-32bit-3.1.2-16.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00030.html https://www.suse.com/security/cve/CVE-2015-2304.html CVE-2015-2304 https://bugzilla.suse.com/920870 SUSE Bug 920870 The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. CVE-2016-5418 openSUSE Leap 42.1:bsdtar-3.1.2-16.1 openSUSE Leap 42.1:libarchive-3.1.2-16.1 openSUSE Leap 42.1:libarchive-devel-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-32bit-3.1.2-16.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00030.html https://www.suse.com/security/cve/CVE-2016-5418.html CVE-2016-5418 https://bugzilla.suse.com/998677 SUSE Bug 998677 Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. CVE-2016-5844 openSUSE Leap 42.1:bsdtar-3.1.2-16.1 openSUSE Leap 42.1:libarchive-3.1.2-16.1 openSUSE Leap 42.1:libarchive-devel-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-32bit-3.1.2-16.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00030.html https://www.suse.com/security/cve/CVE-2016-5844.html CVE-2016-5844 https://bugzilla.suse.com/986566 SUSE Bug 986566 Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. CVE-2016-6250 openSUSE Leap 42.1:bsdtar-3.1.2-16.1 openSUSE Leap 42.1:libarchive-3.1.2-16.1 openSUSE Leap 42.1:libarchive-devel-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-32bit-3.1.2-16.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00030.html https://www.suse.com/security/cve/CVE-2016-6250.html CVE-2016-6250 https://bugzilla.suse.com/989980 SUSE Bug 989980 Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. CVE-2016-8687 openSUSE Leap 42.1:bsdtar-3.1.2-16.1 openSUSE Leap 42.1:libarchive-3.1.2-16.1 openSUSE Leap 42.1:libarchive-devel-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-32bit-3.1.2-16.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00030.html https://www.suse.com/security/cve/CVE-2016-8687.html CVE-2016-8687 https://bugzilla.suse.com/1005070 SUSE Bug 1005070 The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. CVE-2016-8688 openSUSE Leap 42.1:bsdtar-3.1.2-16.1 openSUSE Leap 42.1:libarchive-3.1.2-16.1 openSUSE Leap 42.1:libarchive-devel-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-32bit-3.1.2-16.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00030.html https://www.suse.com/security/cve/CVE-2016-8688.html CVE-2016-8688 https://bugzilla.suse.com/1005076 SUSE Bug 1005076 The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. CVE-2016-8689 openSUSE Leap 42.1:bsdtar-3.1.2-16.1 openSUSE Leap 42.1:libarchive-3.1.2-16.1 openSUSE Leap 42.1:libarchive-devel-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-3.1.2-16.1 openSUSE Leap 42.1:libarchive13-32bit-3.1.2-16.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00030.html https://www.suse.com/security/cve/CVE-2016-8689.html CVE-2016-8689 https://bugzilla.suse.com/1005072 SUSE Bug 1005072