Univention Bugzilla – Bug 48408
libarchive: Multiple issues (4.3)
Last modified: 2019-01-09 13:27:14 CET
New Debian libarchive 3.2.2-2+deb9u1 fixes:

This update addresses the following issues:
* NULL pointer dereference in archive_wstring_append_from_mbs function (CVE-2016-10209)
* Heap-based buffer over-read in the archive_le32dec function (CVE-2016-10349)
* Heap-based buffer over-read in the archive_read_format_cab_read_header function (CVE-2016-10350)
* Heap-based buffer over-read in the atol8 function (CVE-2017-14166)
* Out-of-bounds read in parse_file_info (CVE-2017-14501)
* Off-by-one error in the read_header function (CVE-2017-14502)
* Out-of-bounds read in lha_read_data_none (CVE-2017-14503)
* libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. (CVE-2018-1000877)
* libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. (CVE-2018-1000878)
* libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. (CVE-2018-1000880)
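
The zero-size realloc() case named for CVE-2018-1000877 above, as an added C example that is not libarchive's code and not part of the original bug entry. struct lzss_state and the three functions are hypothetical names, and the free-and-return-NULL behaviour of realloc(p, 0) is assumed as glibc implements it.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a decoder's sliding-window state. */
struct lzss_state {
    unsigned char *window;
    size_t size;
};

/* Unsafe pattern: with new_size == 0, glibc's realloc() frees the old
 * block and returns NULL. The NULL is taken for an allocation failure,
 * st->window keeps the stale pointer, and cleanup frees it again. */
int resize_window_unsafe(struct lzss_state *st, size_t new_size)
{
    void *p = realloc(st->window, new_size);
    if (p == NULL)
        return -1;          /* st->window may already be freed here */
    st->window = p;
    st->size = new_size;
    return 0;
}

/* Hardened form: reject a zero size before realloc() is reached, so a
 * NULL return can only mean "old block untouched". */
int resize_window_checked(struct lzss_state *st, size_t new_size)
{
    void *p;
    if (new_size == 0)
        return -1;          /* invalid size from input, window still owned */
    p = realloc(st->window, new_size);
    if (p == NULL)
        return -1;          /* real allocation failure, old block intact */
    st->window = p;
    st->size = new_size;
    return 0;
}

/* Single owner of the buffer: free once, then clear the pointer so a
 * second cleanup call is harmless. */
void release_window(struct lzss_state *st)
{
    free(st->window);
    st->window = NULL;
    st->size = 0;
}
```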
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libarchive_3.2.2-2.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/libarchive_3.2.2-2+deb9u1.dsc @@ -1,3 +1,18 @@ +3.2.2-2+deb9u1 [Fri, 21 Dec 2018 21:11:50 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload. + * Fix the following security vulnerabilities: + CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2017-14166, + CVE-2017-14501, CVE-2017-14502, CVE-2017-14503, CVE-2018-1000877, + CVE-2018-1000878, CVE-2018-1000879 and CVE-2018-1000880. + Multiple security vulnerabilities were found in libarchive, a multi-format + archive and compression library. Heap-based buffer over-reads, NULL pointer + dereferences, use-after-frees and out-of-bounds reads allow remote + attackers to cause a denial-of-service (application crash) via specially + crafted archive files. + (Closes: #859456, #861609, #874539, #875966, #875974, #875960, #916964, + #916963, #916960) + 3.2.2-2 [Mon, 03 Apr 2017 22:20:05 +0200] Andreas Henriksson <andreas@fatal.se>: * Disable tests (Closes: #859455) <http://10.200.17.11/4.3-3/#5965341833370939909>
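Review bot: the added changelog entry lists CVE-2018-1000879 among the fixed vulnerabilities ("CVE-2018-1000878, CVE-2018-1000879 and CVE-2018-1000880"), but the issue list in the bug description covers ten CVEs and has no entry for CVE-2018-1000879. The erratum text should either gain an item for that CVE or say why it is left out, so that the announcement and the package changelog name the same set of fixes.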
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 625046afd8 Bug #48408: libarchive 3.2.2-2+deb9u1
 doc/errata/staging/libarchive.yaml | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)

[4.3-3] 6a3570e827 Bug #48408: libarchive 3.2.2-2+deb9u1
 doc/errata/staging/libarchive.yaml | 49 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
<http://errata.software-univention.de/ucs/4.3/392.html>