Oval Definition:	oval:org.opensuse.security:def:60341
Revision Date: 2021-08-25 Version: 1 Title: Security update for unrar (Moderate) Description: This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038). - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038). - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038). - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038). - CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974). These non-security issues were fixed: - Added extraction support for .LZ archives created by Lzip compressor - Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES - Added support for PAX extended headers inside of TAR archive - If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files - By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified - Added support for AES-NI CPU instructions - Support for a new RAR 5.0 archiving format - Wildcard exclusion mask for folders - Prevent conditional jumps depending on uninitialised values (bsc#1046882) Family: unix Class: patch Status: Reference(s): 1012382 1013882 1015342 1015343 1017967 1019695 1019699 1020412 1021121 1022604 1024361 1024365 1024376 1027968 1030552 1031492 1033962 1042286 1042824 1042911 1046882 1048110 1048272 1048317 1049374 1049375 1050048 1050119 1050122 1050126 1050132 1050431 1050617 1052207 1052248 1052251 1052254 1052472 1052688 1052711 1052747 1052750 1052754 1052761 1053685 1054038 1055014 1055069 1055229 1056596 1056768 1057163 1058009 1062604 1063646 1064232 1065364 1066223 1068032 1068075 1069138 1072898 1074119 1074170 1075821 1076182 1078433 1078921 1080157 1083663 1085042 1085536 1085539 1086457 1087092 1089066 1090888 1091171 1091860 1096254 1096748 1097105 1097938 1098253 1098683 1098822 1099597 1099810 1099811 1099813 1099832 1099844 1099845 1099846 1099849 1099863 1099864 1099922 1099999 1100000 1100001 1100132 1101676 1101677 1101678 1101822 1101841 1102346 1102486 1102517 1102715 1102797 1103269 1103342 1103445 1103717 1104319 1104485 1104494 1104495 1104683 1104897 1105271 1105292 1105322 1105323 1105392 1105396 1105524 1105536 1105769 1106016 1106105 1106185 1106229 1106271 1106275 1106276 1106278 1106281 1106283 1106369 1106383 1106509 1106511 1106697 1106929 1106934 1106995 1107060 1107078 1107319 1107320 1107689 1107735 1107966 1111858 1111859 1112368 1112377 1112384 1112386 1112391 1112397 1112404 1112415 1112417 1112421 1112432 1116686 1118754 1120041 1120629 1120630 1120631 1127155 1131823 1133037 1133495 1137977 1139459 1141619 1151377 1151506 1154043 1154609 1155574 1156482 1159814 1162108 1173274 1174955 1176409 1176412 1177155 1187974 963575 966170 966172 969470 969476 969477 970506 CVE-2002-2443 CVE-2006-4197 CVE-2009-0023 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-2412 CVE-2009-3295 CVE-2009-3560 CVE-2009-3720 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-1623 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2012-6706 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-1038 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-4000 CVE-2015-8025 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-2335 CVE-2016-3119 CVE-2016-3120 CVE-2016-9843 CVE-2017-11166 CVE-2017-11170 CVE-2017-11448 CVE-2017-11450 CVE-2017-11528 CVE-2017-11530 CVE-2017-11531 CVE-2017-11533 CVE-2017-11537 CVE-2017-11638 CVE-2017-11642 CVE-2017-12418 CVE-2017-12427 CVE-2017-12429 CVE-2017-12432 CVE-2017-12566 CVE-2017-12654 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 CVE-2017-12674 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941 CVE-2017-12942 CVE-2017-13058 CVE-2017-13131 CVE-2017-14060 CVE-2017-14139 CVE-2017-14224 CVE-2017-17682 CVE-2017-17885 CVE-2017-17934 CVE-2017-18028 CVE-2017-20006 CVE-2017-9405 CVE-2017-9407 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-15572 CVE-2018-16658 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 CVE-2018-5357 CVE-2018-6405 CVE-2018-6554 CVE-2018-6555 CVE-2018-9363 CVE-2019-1010006 CVE-2019-11459 CVE-2019-18197 CVE-2020-14392 CVE-2020-14393 CVE-2020-14422 CVE-2020-15708 CVE-2020-1712 CVE-2020-25637 SUSE-SU-2018:0581-1 SUSE-SU-2018:2776-1 SUSE-SU-2019:0628-1 SUSE-SU-2019:2080-1 SUSE-SU-2020:0331-1 SUSE-SU-2020:0920-2 SUSE-SU-2020:2157-1 SUSE-SU-2020:2660-1 SUSE-SU-2020:2661-1 SUSE-SU-2020:3095-1 SUSE-SU-2021:2834-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information evince-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-devel-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-lang-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-comicsdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-djvudocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-dvidocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-psdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR libevdocument3-4-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR libevview3-3-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR nautilus-evince-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-lp151.4.6 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libopenssl-1_0_0-devel-1.0.2p-lp151.5.3 is installed OR libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-32bit-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-hmac-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-cavs-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-doc-1.0.2p-lp151.5.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information krb5-1.12.5-39 is installed OR krb5-32bit-1.12.5-39 is installed OR krb5-client-1.12.5-39 is installed OR krb5-doc-1.12.5-39 is installed OR krb5-plugin-kdb-ldap-1.12.5-39 is installed OR krb5-plugin-preauth-otp-1.12.5-39 is installed OR krb5-plugin-preauth-pkinit-1.12.5-39 is installed OR krb5-server-1.12.5-39 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND python-ipaddress-1.0.18-3.13 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information java-1_7_1-ibm-1.7.1_sr4.65-38.53 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr4.65-38.53 is installed OR java-1_7_1-ibm-devel-1.7.1_sr4.65-38.53 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr4.65-38.53 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr4.65-38.53 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information evince-3.20.2-6.27 is installed OR evince-browser-plugin-3.20.2-6.27 is installed OR evince-lang-3.20.2-6.27 is installed OR evince-plugin-djvudocument-3.20.2-6.27 is installed OR evince-plugin-dvidocument-3.20.2-6.27 is installed OR evince-plugin-pdfdocument-3.20.2-6.27 is installed OR evince-plugin-psdocument-3.20.2-6.27 is installed OR evince-plugin-tiffdocument-3.20.2-6.27 is installed OR evince-plugin-xpsdocument-3.20.2-6.27 is installed OR libevdocument3-4-3.20.2-6.27 is installed OR libevview3-3-3.20.2-6.27 is installed OR nautilus-evince-3.20.2-6.27 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND shadow-4.2.1-27.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information gpgme-1.5.1-1 is installed OR libgpgme11-1.5.1-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-LTSS is installed AND Package Information libfreebl3-3.53.1-58.48 is installed OR libfreebl3-32bit-3.53.1-58.48 is installed OR libfreebl3-hmac-3.53.1-58.48 is installed OR libfreebl3-hmac-32bit-3.53.1-58.48 is installed OR libsoftokn3-3.53.1-58.48 is installed OR libsoftokn3-32bit-3.53.1-58.48 is installed OR libsoftokn3-hmac-3.53.1-58.48 is installed OR libsoftokn3-hmac-32bit-3.53.1-58.48 is installed OR mozilla-nspr-4.25-19.15 is installed OR mozilla-nspr-32bit-4.25-19.15 is installed OR mozilla-nspr-devel-4.25-19.15 is installed OR mozilla-nss-3.53.1-58.48 is installed OR mozilla-nss-32bit-3.53.1-58.48 is installed OR mozilla-nss-certs-3.53.1-58.48 is installed OR mozilla-nss-certs-32bit-3.53.1-58.48 is installed OR mozilla-nss-devel-3.53.1-58.48 is installed OR mozilla-nss-sysinit-3.53.1-58.48 is installed OR mozilla-nss-sysinit-32bit-3.53.1-58.48 is installed OR mozilla-nss-tools-3.53.1-58.48 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP5 is installed AND unrar-5.6.1-4.5.1 is installed OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND unrar-5.6.1-4.5.1 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information galera-3-25.3.24-4.3 is installed OR galera-3-wsrep-provider-25.3.24-4.3 is installed OR libmariadb3-3.0.6-3.6 is installed OR mariadb-10.2.21-4.8 is installed OR mariadb-client-10.2.21-4.8 is installed OR mariadb-connector-c-3.0.6-3.6 is installed OR mariadb-errormessages-10.2.21-4.8 is installed OR mariadb-galera-10.2.21-4.8 is installed OR mariadb-tools-10.2.21-4.8 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libxslt-1.1.28-17.9 is installed OR libxslt-tools-1.1.28-17.9 is installed OR libxslt1-1.1.28-17.9 is installed OR libxslt1-32bit-1.1.28-17.9 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information LibVNCServer-0.9.9-17.31 is installed OR libvncclient0-0.9.9-17.31 is installed OR libvncserver0-0.9.9-17.31 is installed
BACK