Oval Definition: oval:org.opensuse.security:def:55941
Revision Date: 2021-08-25
Version: 1
Title: Security update for unrar (Moderate)
Description:

This update for unrar to version 5.6.1 fixes several issues.

These security issues were fixed:

- CVE-2017-12938: Prevent remote attackers from bypassing a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038).
- CVE-2017-12940: Prevent an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038).
- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038).
- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038).
- CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974).

These non-security issues were fixed:

- Added extraction support for .LZ archives created by Lzip compressor
- Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES
- Added support for PAX extended headers inside of TAR archive
- If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files
- By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified
- Added support for AES-NI CPU instructions
- Support for a new RAR 5.0 archiving format
- Wildcard exclusion mask for folders
- Prevent conditional jumps depending on uninitialised values (bsc#1046882)
Family: unix
Class: patch
Status:
Reference(s):
1020427
1021741
1025109
1025311
1028184
1028656
1030624
1032075
1033619
1034866
1034908
1035406
1035950
1036211
1037242
1037334
1037336
1039495
1042159
1042800
1042801
1043073
1043296
1045035
1046636
1046882
1047674
1048902
1049381
1054038
1054724
1056334
1057378
1057585
1062069
1063122
1107832
1108963
1110233
1133037
1133191
1136446
1137597
1141619
1145092
1187974
808355
835827
836937
852368
872848
885882
907074
930721
942317
950944
956988
957226
959277
961721
962736
962737
962738
962739
977446
977450
977451
977452
977455
977457
977458
977459
977461
977464
983273
991444
991445
991872
994418
994605
CVE-2010-0624
CVE-2012-6706
CVE-2013-0200
CVE-2013-4325
CVE-2013-6402
CVE-2014-4650
CVE-2014-9087
CVE-2014-9112
CVE-2014-9761
CVE-2015-3226
CVE-2015-3227
CVE-2015-7201
CVE-2015-7202
CVE-2015-7205
CVE-2015-7210
CVE-2015-7212
CVE-2015-7213
CVE-2015-7214
CVE-2015-7222
CVE-2015-7547
CVE-2015-7704
CVE-2015-7705
CVE-2015-7974
CVE-2015-8776
CVE-2015-8777
CVE-2015-8778
CVE-2015-8779
CVE-2015-8899
CVE-2016-1547
CVE-2016-1548
CVE-2016-1549
CVE-2016-1550
CVE-2016-1551
CVE-2016-2516
CVE-2016-2517
CVE-2016-2518
CVE-2016-2519
CVE-2016-5010
CVE-2016-6491
CVE-2016-6520
CVE-2016-6834
CVE-2016-6835
CVE-2016-9602
CVE-2016-9603
CVE-2017-10664
CVE-2017-10806
CVE-2017-10911
CVE-2017-11334
CVE-2017-11434
CVE-2017-12809
CVE-2017-12938
CVE-2017-12940
CVE-2017-12941
CVE-2017-12942
CVE-2017-13672
CVE-2017-14167
CVE-2017-15038
CVE-2017-15289
CVE-2017-20006
CVE-2017-3058
CVE-2017-3059
CVE-2017-3060
CVE-2017-3061
CVE-2017-3062
CVE-2017-3063
CVE-2017-3064
CVE-2017-5579
CVE-2017-5973
CVE-2017-5987
CVE-2017-6505
CVE-2017-7377
CVE-2017-7471
CVE-2017-7493
CVE-2017-7718
CVE-2017-7980
CVE-2017-8086
CVE-2017-8112
CVE-2017-8309
CVE-2017-8379
CVE-2017-8380
CVE-2017-9330
CVE-2017-9373
CVE-2017-9374
CVE-2017-9375
CVE-2017-9503
CVE-2018-14633
CVE-2018-14634
CVE-2018-17182
CVE-2019-1010006
CVE-2019-10208
CVE-2019-11459
CVE-2019-11477
CVE-2019-11478
CVE-2019-11487
CVE-2019-3846
SUSE-SU-2015:2334-1
SUSE-SU-2016:0472-1
SUSE-SU-2016:1291-1
SUSE-SU-2016:2076-1
SUSE-SU-2016:3269-1
SUSE-SU-2017:0990-1
SUSE-SU-2017:2946-1
SUSE-SU-2019:2098-1
SUSE-SU-2019:2158-1
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP2-LTSS-ERICSSON
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • libXvnc1-1.8.0-lp150.9 is installed
  • OR tigervnc-1.8.0-lp150.9 is installed
  • OR xorg-x11-Xvnc-1.8.0-lp150.9 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • update-test-32bit-pkg-5.1-lp151.12 is installed
  • OR update-test-affects-package-manager-5.1-lp151.12 is installed
  • OR update-test-broken-5.1-lp151.12 is installed
  • OR update-test-feature-5.1-lp151.12 is installed
  • OR update-test-interactive-5.1-lp151.12 is installed
  • OR update-test-optional-5.1-lp151.12 is installed
  • OR update-test-reboot-needed-5.1-lp151.12 is installed
  • OR update-test-relogin-suggested-5.1-lp151.12 is installed
  • OR update-test-security-5.1-lp151.12 is installed
  • OR update-test-trivial-5.1-lp151.12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-38.5.0esr-28 is installed
  • OR MozillaFirefox-translations-38.5.0esr-28 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • glibc-2.11.3-17.95 is installed
  • OR glibc-32bit-2.11.3-17.95 is installed
  • OR glibc-devel-2.11.3-17.95 is installed
  • OR glibc-devel-32bit-2.11.3-17.95 is installed
  • OR glibc-i18ndata-2.11.3-17.95 is installed
  • OR glibc-locale-2.11.3-17.95 is installed
  • OR glibc-locale-32bit-2.11.3-17.95 is installed
  • OR nscd-2.11.3-17.95 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • ntp-4.2.8p7-11 is installed
  • OR ntp-doc-4.2.8p7-11 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • cpio-2.11-29 is installed
  • OR cpio-lang-2.11-29 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • qemu-2.3.1-33.3 is installed
  • OR qemu-block-curl-2.3.1-33.3 is installed
  • OR qemu-block-rbd-2.3.1-33.3 is installed
  • OR qemu-guest-agent-2.3.1-33.3 is installed
  • OR qemu-ipxe-1.0.0-33.3 is installed
  • OR qemu-kvm-2.3.1-33.3 is installed
  • OR qemu-lang-2.3.1-33.3 is installed
  • OR qemu-ppc-2.3.1-33.3 is installed
  • OR qemu-s390-2.3.1-33.3 is installed
  • OR qemu-seabios-1.8.1-33.3 is installed
  • OR qemu-sgabios-8-33.3 is installed
  • OR qemu-tools-2.3.1-33.3 is installed
  • OR qemu-vgabios-1.8.1-33.3 is installed
  • OR qemu-x86-2.3.1-33.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND dnsmasq-2.71-10 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libmysqlclient18-10.0.35-29.20 is installed
  • OR libmysqlclient18-32bit-10.0.35-29.20 is installed
  • OR mariadb-10.0.35-29.20 is installed
  • OR mariadb-client-10.0.35-29.20 is installed
  • OR mariadb-errormessages-10.0.35-29.20 is installed
  • OR mariadb-tools-10.0.35-29.20 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • glibc-2.22-62.13 is installed
  • OR glibc-32bit-2.22-62.13 is installed
  • OR glibc-devel-2.22-62.13 is installed
  • OR glibc-devel-32bit-2.22-62.13 is installed
  • OR glibc-html-2.22-62.13 is installed
  • OR glibc-i18ndata-2.22-62.13 is installed
  • OR glibc-info-2.22-62.13 is installed
  • OR glibc-locale-2.22-62.13 is installed
  • OR glibc-locale-32bit-2.22-62.13 is installed
  • OR glibc-profile-2.22-62.13 is installed
  • OR glibc-profile-32bit-2.22-62.13 is installed
  • OR nscd-2.22-62.13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_59-92_24-default-11-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_9-11-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND libmms0-0.6.2-15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • glibc-2.22-62.22 is installed
  • OR glibc-32bit-2.22-62.22 is installed
  • OR glibc-devel-2.22-62.22 is installed
  • OR glibc-devel-32bit-2.22-62.22 is installed
  • OR glibc-html-2.22-62.22 is installed
  • OR glibc-i18ndata-2.22-62.22 is installed
  • OR glibc-info-2.22-62.22 is installed
  • OR glibc-locale-2.22-62.22 is installed
  • OR glibc-locale-32bit-2.22-62.22 is installed
  • OR glibc-profile-2.22-62.22 is installed
  • OR glibc-profile-32bit-2.22-62.22 is installed
  • OR nscd-2.22-62.22 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.39 is installed
  • OR libopenssl1_0_0-1.0.2j-60.39 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.39 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.39 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.39 is installed
  • OR openssl-1.0.2j-60.39 is installed
  • OR openssl-doc-1.0.2j-60.39 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • MozillaFirefox-52.9.0esr-109.38 is installed
  • OR MozillaFirefox-translations-52.9.0esr-109.38 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND ruby2.1-rubygem-activesupport-4_2-4.2.2-2 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • storm-1.0.5-5 is installed
  • OR storm-nimbus-1.0.5-5 is installed
  • OR storm-supervisor-1.0.5-5 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND ppp-2.4.7-4.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • crowbar-core-5.0+git.1585575551.16781d00d-3.38 is installed
  • OR crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38 is installed
  • OR crowbar-ha-5.0+git.1585316176.344190f-3.32 is installed
  • OR crowbar-openstack-5.0+git.1585304226.2164b7895-4.37 is installed
  • OR documentation-suse-openstack-cloud-deployment-8.20200319-1.23 is installed
  • OR documentation-suse-openstack-cloud-supplement-8.20200319-1.23 is installed
  • OR documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23 is installed
  • OR documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23 is installed
  • OR memcached-1.5.17-3.3 is installed
  • OR openstack-manila-5.1.1~dev5-3.26 is installed
  • OR openstack-manila-api-5.1.1~dev5-3.26 is installed
  • OR openstack-manila-data-5.1.1~dev5-3.26 is installed
  • OR openstack-manila-doc-5.1.1~dev5-3.26 is installed
  • OR openstack-manila-scheduler-5.1.1~dev5-3.26 is installed
  • OR openstack-manila-share-5.1.1~dev5-3.26 is installed
  • OR openstack-neutron-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-dhcp-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-doc-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-ha-tool-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-l3-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-macvtap-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-metadata-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-metering-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30 is installed
  • OR openstack-neutron-server-11.0.9~dev63-3.30 is installed
  • OR openstack-nova-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-api-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-cells-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-compute-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-conductor-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-console-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-consoleauth-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-doc-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-novncproxy-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-placement-api-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-scheduler-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-serialproxy-16.1.9~dev61-3.35 is installed
  • OR openstack-nova-vncproxy-16.1.9~dev61-3.35 is installed
  • OR python-amqp-2.4.2-3.9 is installed
  • OR python-manila-5.1.1~dev5-3.26 is installed
  • OR python-neutron-11.0.9~dev63-3.30 is installed
  • OR python-nova-16.1.9~dev61-3.35 is installed
  • OR ruby2.1-rubygem-puma-2.16.0-3.6 is installed
  • OR rubygem-puma-2.16.0-3.6 is installed
  • OR zookeeper-3.4.10-3.6 is installed
  • OR zookeeper-server-3.4.10-3.6 is installed