Univention Bugzilla – Full Text Bug Listing |
Summary: | libarchive: Multiple issues (4.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, jmm, requate, walkenhorst |
Version: | UCS 4.1 | Flags: | requate:
Patch_Available+
|
Target Milestone: | UCS 4.1-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Arvid Requate
2015-03-31 15:17:05 CEST
Fixed in upstream Debian package version 3.0.4-3+wheezy1 The following additional issues have been reported as fixed in Ubuntu: * NULL pointer access in CAB parser (CVE-2015-8917) * Heap out of bounds read in LHA/LZH parser (CVE-2015-8919) * Stack out of bounds read in ar parser (CVE-2015-8920) * Global out of bounds read in mtree parser (CVE-2015-8921) * NULL pointer access in 7z parser (CVE-2015-8922) * Unclear crashes in ZIP parser (CVE-2015-8923) * Heap out of bounds read in TAR parser (CVE-2015-8924) * Unclear invalid memory read in mtree parser (CVE-2015-8925) * NULL pointer access in RAR parser (CVE-2015-8926) * Heap out of bounds read in mtree parser (CVE-2015-8928) * Endless loop in ISO parser (CVE-2015-8930) * Undefined behavior (signed integer overflow) in mtree parser (CVE-2015-8931) * Undefined behavior / invalid shiftleft in TAR parser (CVE-2015-8932) * undefined behaviour / signed integer overflow in archive_read_format_tar_skip() (CVE-2015-8933) * out of bounds heap read in RAR parser (CVE-2015-8934) * 7-Zip read_SubStreamsInfo Integer Overflow (CVE-2016-4300) * Libarchive Rar RestartModel Heap Overflow (CVE-2016-4302) * Memory allocate error with symbolic links in cpio archives (CVE-2016-4809) * undefined behaviour (integer overflow) in iso parser (CVE-2016-5844) Of all of the above CVE-2016-4300 and CVE-2016-4302 have the highest impact: CVSS v2 Base score 6 AV:N/AC:M/Au:S/C:P/I:P/A:P Upstream Debian package version 3.0.4-3+wheezy2 fixes: CVE ID : CVE-2015-8917 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300 CVE-2016-4302 CVE-2016-4809 CVE-2016-5844 Highest CVSS scores: CVE-2016-4300: CVSS v2 base score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P) CVE-2016-4302: CVSS v2 base score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P) libarchive (3.0.4-3+wheezy3) wheezy-security; urgency=high * Fix CVE-2015-8915, a out of bounds read using malformed cpio archive. * Fix CVE-2016-7166, a denial of service bug with gzip quine. Another one reported as fixed in the Debian Jessie package version: * The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. (CVE-2016-5418) Fixed in upstream Debian package version 3.0.4-3+wheezy4. additional issues fixed currently in Debian experimental only: * Stack based buffer overflow in bsdtar_expand_char (CVE-2016-8687) * Out of bounds heap read when parsing multiple long lines by mtree parser (CVE-2016-8688) * Heap buffer overflow in read_Header (CVE-2016-8689) Fixed in upstream Debian package version 3.0.4-3+wheezy5. Advisory: libarchive.yaml Tests (amd64): OK Advisory: Reformatted, OK |