Oval Definition:oval:org.opensuse.security:def:56655
Revision Date:2020-12-01Version:1
Title:Security update for libarchive (Moderate)
Description:

This update for libarchive fixes the following issues:

- CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100)

Family:unixClass:patch
Status:Reference(s):1031702
1032089
1037008
1037009
1037396
1041764
1045327
1049302
1049305
1049306
1049307
1049308
1049309
1049310
1049311
1049312
1049313
1049314
1049315
1049316
1049317
1049318
1049319
1049320
1049321
1049322
1049323
1049324
1049325
1049326
1049327
1049328
1049329
1049330
1049331
1049332
1052916
1057514
1057950
1059100
1059134
1059139
1065083
1073313
1085130
1085671
1086036
1087059
1094508
1100097
1103276
1111014
1115034
1116574
1120943
1142772
1145692
1146358
1146359
1155787
1160770
960996
962743
969820
971804
972907
973639
974220
CVE-2014-9273
CVE-2015-7575
CVE-2015-8126
CVE-2016-0402
CVE-2016-0448
CVE-2016-0466
CVE-2016-0475
CVE-2016-0483
CVE-2016-0494
CVE-2016-10209
CVE-2016-10349
CVE-2016-10350
CVE-2016-1601
CVE-2016-2774
CVE-2017-1000251
CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10078
CVE-2017-10081
CVE-2017-10086
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10111
CVE-2017-10114
CVE-2017-10115
CVE-2017-10116
CVE-2017-10118
CVE-2017-10125
CVE-2017-10135
CVE-2017-10176
CVE-2017-10193
CVE-2017-10198
CVE-2017-10243
CVE-2017-14166
CVE-2017-14501
CVE-2017-14502
CVE-2017-14503
CVE-2017-15274
CVE-2017-17740
CVE-2017-2518
CVE-2017-2885
CVE-2017-9287
CVE-2018-12910
CVE-2018-13785
CVE-2018-15468
CVE-2018-17963
CVE-2018-20030
CVE-2018-3136
CVE-2018-3139
CVE-2018-3149
CVE-2018-3169
CVE-2018-3180
CVE-2018-3214
CVE-2018-5125
CVE-2018-5127
CVE-2018-5129
CVE-2018-5130
CVE-2018-5131
CVE-2018-5144
CVE-2018-5145
CVE-2018-5146
CVE-2018-5147
CVE-2018-5148
CVE-2019-1010180
CVE-2019-8675
CVE-2019-8696
CVE-2019-9278
SUSE-SU-2016:0256-1
SUSE-SU-2016:1138-1
SUSE-SU-2016:1791-1
SUSE-SU-2017:2175-1
SUSE-SU-2017:2786-1
SUSE-SU-2018:0850-1
SUSE-SU-2018:2204-2
SUSE-SU-2018:3332-1
SUSE-SU-2018:3640-1
SUSE-SU-2018:3933-1
SUSE-SU-2019:2914-1
SUSE-SU-2019:3050-1
SUSE-SU-2019:3057-1
SUSE-SU-2020:0457-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • kbd-2.0.4-lp150.6 is installed
  • OR kbd-legacy-2.0.4-lp150.6 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • MozillaThunderbird-60.7.0-lp151.2.4 is installed
  • OR MozillaThunderbird-buildsymbols-60.7.0-lp151.2.4 is installed
  • OR MozillaThunderbird-translations-common-60.7.0-lp151.2.4 is installed
  • OR MozillaThunderbird-translations-other-60.7.0-lp151.2.4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libarchive-3.1.2-26.3 is installed
  • OR libarchive13-3.1.2-26.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • dhcp-4.3.3-9 is installed
  • OR dhcp-client-4.3.3-9 is installed
  • OR dhcp-relay-4.3.3-9 is installed
  • OR dhcp-server-4.3.3-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_67-60_64_24-default-9-4 is installed
  • OR kgraft-patch-3_12_67-60_64_24-xen-9-4 is installed
  • OR kgraft-patch-SLE12-SP1_Update_11-9-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libhivex0-1.3.10-4 is installed
  • OR perl-Win-Hivex-1.3.10-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libsystemd0-228-150.58 is installed
  • OR libsystemd0-32bit-228-150.58 is installed
  • OR libudev1-228-150.58 is installed
  • OR libudev1-32bit-228-150.58 is installed
  • OR systemd-228-150.58 is installed
  • OR systemd-32bit-228-150.58 is installed
  • OR systemd-bash-completion-228-150.58 is installed
  • OR systemd-sysvinit-228-150.58 is installed
  • OR udev-228-150.58 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND ucode-intel-20180703-13.25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_103-92_56-default-6-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_17-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • gpgme-1.5.1-1 is installed
  • OR libgpgme11-1.5.1-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • gcc9-9.2.1+r275327-1.3 is installed
  • OR libasan5-9.2.1+r275327-1.3 is installed
  • OR libasan5-32bit-9.2.1+r275327-1.3 is installed
  • OR libatomic1-9.2.1+r275327-1.3 is installed
  • OR libatomic1-32bit-9.2.1+r275327-1.3 is installed
  • OR libgcc_s1-9.2.1+r275327-1.3 is installed
  • OR libgcc_s1-32bit-9.2.1+r275327-1.3 is installed
  • OR libgfortran5-9.2.1+r275327-1.3 is installed
  • OR libgfortran5-32bit-9.2.1+r275327-1.3 is installed
  • OR libgo14-9.2.1+r275327-1.3 is installed
  • OR libgo14-32bit-9.2.1+r275327-1.3 is installed
  • OR libgomp1-9.2.1+r275327-1.3 is installed
  • OR libgomp1-32bit-9.2.1+r275327-1.3 is installed
  • OR libitm1-9.2.1+r275327-1.3 is installed
  • OR libitm1-32bit-9.2.1+r275327-1.3 is installed
  • OR liblsan0-9.2.1+r275327-1.3 is installed
  • OR libquadmath0-9.2.1+r275327-1.3 is installed
  • OR libquadmath0-32bit-9.2.1+r275327-1.3 is installed
  • OR libstdc++6-9.2.1+r275327-1.3 is installed
  • OR libstdc++6-32bit-9.2.1+r275327-1.3 is installed
  • OR libstdc++6-locale-9.2.1+r275327-1.3 is installed
  • OR libtsan0-9.2.1+r275327-1.3 is installed
  • OR libubsan1-9.2.1+r275327-1.3 is installed
  • OR libubsan1-32bit-9.2.1+r275327-1.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_97-default-3-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_26-3-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • expat-2.1.0-21.3 is installed
  • OR libexpat1-2.1.0-21.3 is installed
  • OR libexpat1-32bit-2.1.0-21.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.144-27.5 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.144-27.5 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.144-27.5 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.144-27.5 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • xen-4.7.6_05-43.42 is installed
  • OR xen-doc-html-4.7.6_05-43.42 is installed
  • OR xen-libs-4.7.6_05-43.42 is installed
  • OR xen-libs-32bit-4.7.6_05-43.42 is installed
  • OR xen-tools-4.7.6_05-43.42 is installed
  • OR xen-tools-domU-4.7.6_05-43.42 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-SQLAlchemy-1.2.10-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND permissions-2015.09.28.1626-17.20 is installed
    • BACK