Security update for libarchive SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:3640-2 Final 1 1 2018-12-06T13:20:47Z current 2018-12-06T13:20:47Z 2018-12-06T13:20:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libarchive This update for libarchive fixes the following issues: - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP4-2018-2594,SUSE-SLE-SDK-12-SP4-2018-2594,SUSE-SLE-SERVER-12-SP4-2018-2594 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/ Link for SUSE-SU-2018:3640-2 https://lists.suse.com/pipermail/sle-security-updates/2018-December/004927.html E-Mail link for SUSE-SU-2018:3640-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1032089 SUSE Bug 1032089 https://bugzilla.suse.com/1037008 SUSE Bug 1037008 https://bugzilla.suse.com/1037009 SUSE Bug 1037009 https://bugzilla.suse.com/1057514 SUSE Bug 1057514 https://bugzilla.suse.com/1059100 SUSE Bug 1059100 https://bugzilla.suse.com/1059134 SUSE Bug 1059134 https://bugzilla.suse.com/1059139 SUSE Bug 1059139 https://www.suse.com/security/cve/CVE-2016-10209/ SUSE CVE CVE-2016-10209 page https://www.suse.com/security/cve/CVE-2016-10349/ SUSE CVE CVE-2016-10349 page https://www.suse.com/security/cve/CVE-2016-10350/ SUSE CVE CVE-2016-10350 page https://www.suse.com/security/cve/CVE-2017-14166/ SUSE CVE CVE-2017-14166 page https://www.suse.com/security/cve/CVE-2017-14501/ SUSE CVE CVE-2017-14501 page https://www.suse.com/security/cve/CVE-2017-14502/ SUSE CVE CVE-2017-14502 page https://www.suse.com/security/cve/CVE-2017-14503/ SUSE CVE CVE-2017-14503 page SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 libarchive13-3.1.2-26.3.1 libarchive-devel-3.1.2-26.3.1 libarchive13-3.1.2-26.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 libarchive13-3.1.2-26.3.1 as a component of SUSE Linux Enterprise Server 12 SP4 libarchive13-3.1.2-26.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libarchive-devel-3.1.2-26.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. CVE-2016-10209 SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/ https://www.suse.com/security/cve/CVE-2016-10209.html CVE-2016-10209 https://bugzilla.suse.com/1032089 SUSE Bug 1032089 The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVE-2016-10349 SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/ https://www.suse.com/security/cve/CVE-2016-10349.html CVE-2016-10349 https://bugzilla.suse.com/1037008 SUSE Bug 1037008 The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVE-2016-10350 SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/ https://www.suse.com/security/cve/CVE-2016-10350.html CVE-2016-10350 https://bugzilla.suse.com/1037009 SUSE Bug 1037009 libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. CVE-2017-14166 SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/ https://www.suse.com/security/cve/CVE-2017-14166.html CVE-2017-14166 https://bugzilla.suse.com/1057514 SUSE Bug 1057514 An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. CVE-2017-14501 SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/ https://www.suse.com/security/cve/CVE-2017-14501.html CVE-2017-14501 https://bugzilla.suse.com/1059139 SUSE Bug 1059139 read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. CVE-2017-14502 SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/ https://www.suse.com/security/cve/CVE-2017-14502.html CVE-2017-14502 https://bugzilla.suse.com/1059134 SUSE Bug 1059134 libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. CVE-2017-14503 SUSE Linux Enterprise Desktop 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libarchive13-3.1.2-26.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libarchive-devel-3.1.2-26.3.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183640-2/ https://www.suse.com/security/cve/CVE-2017-14503.html CVE-2017-14503 https://bugzilla.suse.com/1059100 SUSE Bug 1059100