
SUSE: 2017:2451-1 Critical: Zlib Uncompression Error and Data Corruption

suse
August 2, 2016
Resolves 7 vulnerabilities in SUSE concerning bsdtar software, enhancing overall system robustness and security.
An update that fixes 7 vulnerabilities is now available.

Summary

bsdtar was updated to fix seven security issues.

These security issues were fixed:

- CVE-2015-8929: Memory leak in tar parser (bsc#985669).
- CVE-2016-4809: Memory allocate error with symbolic links in cpio archives (bsc#984990).
- CVE-2015-8920: Stack out of bounds read in ar parser (bsc#985675).
- CVE-2015-8921: Global out of bounds read in mtree parser (bsc#985682).
- CVE-2015-8924: Heap buffer read overflow in tar (bsc#985609).
- CVE-2015-8918: Overlapping memcpy in CAB parser (bsc#985698).
- CVE-2015-2304: Reject absolute paths in input mode of bsdcpio exactly when '..' is rejected (bsc#920870).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:

References

#920870 #984990 #985609 #985669 #985675 #985682 #985698

Cross-References: CVE-2015-2304 CVE-2015-8918 CVE-2015-8920 CVE-2015-8921 CVE-2015-8924 CVE-2015-8929 CVE-2016-4809

Affected Products:

SUSE Studio Onsite 1.3

SUSE OpenStack Cloud 5

SUSE Manager Proxy 2.1

SUSE Manager 2.1

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Server 11-SP2-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2015-2304.html

https://www.suse.com/security/cve/CVE-2015-8918.html

https://www.suse.com/security/cve/CVE-2015-8920.html

https://www.suse.com/security/cve/CVE-2015-8921.html

Severity
important

Announcement ID: SUSE-SU-2016:1939-1
Rating: important
