Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 528
Alerts This Week
Warning Icon 1 528

SUSE 15: SUSE-SU-2018:3571-1 Moderate: Libarchive Out-Of-Bounds Issues

suse
Calendar Grey October 30, 2018
Dist Suse Esm H88
The latest libarchive patch fixes three major vulnerabilities, improving both security and performance for users of SUSE.
An update that fixes three vulnerabilities is now available

Summary

This update for libarchive fixes the following issues: - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) Patch Instructions:

References

#1059100 #1059134 #1059139

Cross- CVE-2017-14501 CVE-2017-14502 CVE-2017-14503

Affected Products:

SUSE Linux Enterprise Module for Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2017-14501.html

https://www.suse.com/security/cve/CVE-2017-14502.html

https://www.suse.com/security/cve/CVE-2017-14503.html

https://bugzilla.suse.com/1059100

https://bugzilla.suse.com/1059134

https://bugzilla.suse.com/1059139

Announcement ID: SUSE-SU-2018:3571-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.