SUSE-SU-2016:2911-1 -- SLES libarchive-debugsource, libarchive13ID: oval:org.secpod.oval:def:89045181 | Date: (C)2021-08-03 (M)2021-11-09 |
Class: PATCH | Family: unix |
This update for libarchive fixes several issues. These security issues were fixed: - CVE-2016-8687: Buffer overflow when printing a filename . - CVE-2016-8689: Heap overflow when reading corrupted 7Zip files . - CVE-2016-8688: Use after free because of incorrect calculation in next_line . - CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service via a crafted ISO file . - CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow . - CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file .
Platform: |
SUSE Linux Enterprise Server 12 SP2 |
Product: |
libarchive-debugsource |
libarchive13 |