Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 557
Alerts This Week
Warning Icon 1 557

SUSE: 2018:3640-2 Moderate: Libarchive Denial of Service Fix

suse
Calendar Grey December 7, 2018
Dist Suse Esm H88
SUSE Security Patch addresses 6 vulnerabilities found in libssl; apply the required updates to protect your infrastructure.
An update that fixes 7 vulnerabilities is now available

Summary

This update for libarchive fixes the following issues: - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009)

References

#1032089 #1037008 #1037009 #1057514 #1059100

#1059134 #1059139

Cross- CVE-2016-10209 CVE-2016-10349 CVE-2016-10350

CVE-2017-14166 CVE-2017-14501 CVE-2017-14502

CVE-2017-14503

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2016-10209.html

https://www.suse.com/security/cve/CVE-2016-10349.html

https://www.suse.com/security/cve/CVE-2016-10350.html

https://www.suse.com/security/cve/CVE-2017-14166.html

https://www.suse.com/security/cve/CVE-2017-14501.html

https://www.suse.com/security/cve/CVE-2017-14502.html

https://www.suse.com/security/cve/CVE-2017-14503.html

https://bugzilla.suse.com/1032089

Announcement ID: SUSE-SU-2018:3640-2
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.