Bug 48408 - libarchive: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
Importance: P3 normal
Target Milestone: UCS 4.3-3-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Depends on:
Blocks:
Reported: 2019-01-03 08:45 CET by Quality Assurance
Modified: 2019-01-09 13:27 CET (History)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) (sources: Debian, Red Hat)

Description Quality Assurance univentionstaff 2019-01-03 08:45:50 CET
New Debian libarchive 3.2.2-2+deb9u1 fixes:
This update addresses the following issues:
* NULL pointer dereference in the archive_wstring_append_from_mbs function (CVE-2016-10209)
* Heap-based buffer over-read in the archive_le32dec function (CVE-2016-10349)
* Heap-based buffer over-read in the archive_read_format_cab_read_header function (CVE-2016-10350)
* Heap-based buffer over-read in the atol8 function (CVE-2017-14166)
* Out-of-bounds read in parse_file_info (CVE-2017-14501)
* Off-by-one error in the read_header function (CVE-2017-14502)
* Out-of-bounds read in lha_read_data_none (CVE-2017-14503)
* libarchive from commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in the RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 - that can result in a crash/DoS. This attack appears to be exploitable when the victim opens a specially crafted RAR archive. (CVE-2018-1000877)
* libarchive from commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in the RAR decoder - libarchive/archive_read_support_format_rar.c - that can result in a crash/DoS; it is unknown whether RCE is possible. This attack appears to be exploitable when the victim opens a specially crafted RAR archive. (CVE-2018-1000878)
* libarchive from commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in the WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() - that can result in DoS: quasi-infinite run time and disk usage from a tiny file. This attack appears to be exploitable when the victim opens a specially crafted WARC file. (CVE-2018-1000880)
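The realloc-with-size-zero hazard behind the CVE-2018-1000877 entry above, as an added example that is not libarchive's code: a constructed LZSS window stand-in whose resize routine rejects a zero dictionary size before the heap is touched and keeps the old buffer on a genuine allocation failure. The struct and function names (lzss_window, lzss_window_resize, lzss_window_rejects_zero) are assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for rar->lzss.window; names are assumptions, not libarchive's. */
struct lzss_window {
    unsigned char *buf;
    size_t size;
};

enum { WIN_OK = 0, WIN_INVALID_SIZE = -1, WIN_NO_MEMORY = -2 };

/* Hazard: realloc(old, 0) is implementation-defined; glibc frees `old` and
 * returns NULL, so a caller that reads NULL as "failed" and keeps or later
 * free()s `old` double-frees it. Reject zero before the heap is touched. */
int lzss_window_resize(struct lzss_window *w, size_t new_size)
{
    unsigned char *p;
    if (new_size == 0)          /* reject: realloc(buf, 0) is never reached */
        return WIN_INVALID_SIZE;
    if (new_size == w->size)
        return WIN_OK;
    p = realloc(w->buf, new_size);
    if (p == NULL)              /* genuine failure: w->buf is still valid */
        return WIN_NO_MEMORY;
    if (new_size > w->size)     /* zero the freshly grown tail */
        memset(p + w->size, 0, new_size - w->size);
    w->buf = p;
    w->size = new_size;
    return WIN_OK;
}

void lzss_window_free(struct lzss_window *w)
{
    free(w->buf);               /* single owner, single free */
    w->buf = NULL;
    w->size = 0;
}
/* Grow a fresh window to `initial`, then feed it the zero size a crafted header
 * would carry. Returns 1 if zero was rejected and the buffer survived, else 0. */
int lzss_window_rejects_zero(size_t initial)
{
    struct lzss_window w = { NULL, 0 };
    int ok;
    if (lzss_window_resize(&w, initial) != WIN_OK)
        return 0;
    ok = lzss_window_resize(&w, 0) == WIN_INVALID_SIZE
         && w.buf != NULL && w.size == initial;
    lzss_window_free(&w);
    return ok;
}
```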
Comment 1 Quality Assurance univentionstaff 2019-01-03 09:15:40 CET
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libarchive_3.2.2-2.dsc
+++ apt/ucs_4.3-0-errata4.3-3/source/libarchive_3.2.2-2+deb9u1.dsc
@@ -1,3 +1,18 @@
+3.2.2-2+deb9u1 [Fri, 21 Dec 2018 21:11:50 +0100] Markus Koschany <apo@debian.org>:
+
+  * Non-maintainer upload.
+  * Fix the following security vulnerabilities:
+    CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2017-14166,
+    CVE-2017-14501, CVE-2017-14502, CVE-2017-14503, CVE-2018-1000877,
+    CVE-2018-1000878, CVE-2018-1000879 and CVE-2018-1000880.
+    Multiple security vulnerabilities were found in libarchive, a multi-format
+    archive and compression library. Heap-based buffer over-reads, NULL pointer
+    dereferences, use-after-frees and out-of-bounds reads allow remote
+    attackers to cause a denial-of-service (application crash) via specially
+    crafted archive files.
+    (Closes: #859456, #861609, #874539, #875966, #875974, #875960, #916964,
+    #916963, #916960)
+
 3.2.2-2 [Mon, 03 Apr 2017 22:20:05 +0200] Andreas Henriksson <andreas@fatal.se>:
 
   * Disable tests (Closes: #859455)
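Review bot: The CVE list in this changelog entry names CVE-2018-1000879, but the Description above lists only ten CVEs and omits it; reconcile the two before the errata text is published so the advisory names all eleven fixed issues. The entry's blanket "denial-of-service (application crash)" summary also understates CVE-2018-1000878, which the Description calls a use-after-free where it is unknown whether RCE is possible, so that caveat should be carried into the errata wording.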

<http://10.200.17.11/4.3-3/#5965341833370939909>
Comment 2 Philipp Hahn univentionstaff 2019-01-03 11:06:05 CET
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 625046afd8 Bug #48408: libarchive 3.2.2-2+deb9u1
 doc/errata/staging/libarchive.yaml | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)

[4.3-3] 6a3570e827 Bug #48408: libarchive 3.2.2-2+deb9u1
 doc/errata/staging/libarchive.yaml | 49 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
Comment 3 Arvid Requate univentionstaff 2019-01-09 13:27:14 CET
<http://errata.software-univention.de/ucs/4.3/392.html>