Discover Government News

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201406-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: libarchive: Multiple vulnerabilities
     Date: June 01, 2014
     Bugs: #366687, #463632
       ID: 201406-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in libarchive, some of which
may allow execution of arbitrary code.

Background
=========
libarchive is a library for manipulating different streaming archive
formats, including certain tar variants, several cpio formats, and both
BSD and GNU ar variants.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-arch/libarchive         < 3.1.2-r1               >= 3.1.2-r1

Description
==========
Multiple vulnerabilities have been discovered in libarchive. Please
review the CVE identifiers referenced below for details.

Impact
=====
A remote attacker could entice a user or automated process to open a
specially crafted archive using an application linked against
libarchive, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All libarchive users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.1.2-r1"

Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these
packages.

References
=========
[ 1 ] CVE-2010-4666
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4666
[ 2 ] CVE-2011-1777
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1777
[ 3 ] CVE-2011-1778
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1778
[ 4 ] CVE-2011-1779
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1779
[ 5 ] CVE-2013-0211
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0211

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201406-02

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201406-02: libarchive: Multiple vulnerabilities

Multiple vulnerabilities have been found in libarchive, some of which may allow execution of arbitrary code.

Summary

Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details.

Resolution

All libarchive users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.1.2-r1"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

References

[ 1 ] CVE-2010-4666 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4666 [ 2 ] CVE-2011-1777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1777 [ 3 ] CVE-2011-1778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1778 [ 4 ] CVE-2011-1779 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1779 [ 5 ] CVE-2013-0211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0211

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201406-02

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: libarchive: Multiple vulnerabilities
Date: June 01, 2014
Bugs: #366687, #463632
ID: 201406-02

Synopsis

Multiple vulnerabilities have been found in libarchive, some of which may allow execution of arbitrary code.

Background

libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-arch/libarchive < 3.1.2-r1 >= 3.1.2-r1

Impact

===== A remote attacker could entice a user or automated process to open a specially crafted archive using an application linked against libarchive, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Related News