SUSE-SU-2016:2911-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2016/suse-su-20162911-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:2911-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2016:2911-1

Related

Published

2016-11-25T11:33:02Z

Modified

2016-11-25T11:33:02Z

Summary

Security update for libarchive

Details

This update for libarchive fixes several issues.

These security issues were fixed:

CVE-2016-8687: Buffer overflow when printing a filename (bsc#1005070).
CVE-2016-8689: Heap overflow when reading corrupted 7Zip files (bsc#1005072).
CVE-2016-8688: Use after free because of incorrect calculation in next_line (bsc#1005076).
CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service (application crash) via a crafted ISO file (bsc#986566).
CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow (bsc#989980).
CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file (bsc#998677).

References

Affected packages

SUSE:Linux Enterprise Desktop 12 SP1 / libarchive

Package

Name: libarchive
Purl: pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-25.1

Ecosystem specific

{
    "binaries": [
        {
            "libarchive13": "3.1.2-25.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 SP2 / libarchive

Package

Name: libarchive
Purl: pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-25.1

Ecosystem specific

{
    "binaries": [
        {
            "libarchive13": "3.1.2-25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2 / libarchive

Package

Name: libarchive
Purl: pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-25.1

Ecosystem specific

{
    "binaries": [
        {
            "libarchive13": "3.1.2-25.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP1 / libarchive

Package

Name: libarchive
Purl: pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-25.1

Ecosystem specific

{
    "binaries": [
        {
            "libarchive-devel": "3.1.2-25.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP2 / libarchive

Package

Name: libarchive
Purl: pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-25.1

Ecosystem specific

{
    "binaries": [
        {
            "libarchive-devel": "3.1.2-25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP1 / libarchive

Package

Name: libarchive
Purl: pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-25.1

Ecosystem specific

{
    "binaries": [
        {
            "libarchive13": "3.1.2-25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / libarchive

Package

Name: libarchive
Purl: pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-25.1

Ecosystem specific

{
    "binaries": [
        {
            "libarchive13": "3.1.2-25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2 / libarchive

Package

Name: libarchive
Purl: pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-25.1

Ecosystem specific

{
    "binaries": [
        {
            "libarchive13": "3.1.2-25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / libarchive

Package

Name: libarchive
Purl: pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-25.1

Ecosystem specific

{
    "binaries": [
        {
            "libarchive13": "3.1.2-25.1"
        }
    ]
}