21 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-14166
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over- read and application crash via a crafted xar archive,...
Security Bulletin: IBM App Connect Enterprise Certified Container images may be vulnerable to denial of service due to libarchive [CVE-2017-14166]
Summary libarchive is present in the IBM App Connect Enterprise Certified Container images as part of the base operating system. IBM App Connect Enterprise Certified Container images may be vulnerable to denial of service. This bulletin provides patch information to address the reported...
Mageia: Security Advisory (MGASA-2017-0337)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:3640-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:3640-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2020-1226)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2604)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2202)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4360-1 : libarchive - security update
Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service. C Tenabl...
[SECURITY] [DSA 4360-1] libarchive security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4360-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2018 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4360-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2018:3640-2)
This update for libarchive fixes the following issues : CVE-2016-10209: The archivewstringappendfrommbs function in archivestring.c allowed remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted archive file. bsc1032089 CVE-2016-10349: The...
[SECURITY] [DLA 1600-1] libarchive security update
Package : libarchive Version : 3.1.2-11+deb8u4 CVE ID : CVE-2015-8915 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-5601 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 Debian Bug : 853278 875960 875974 875966 874539 840934 840935 8616...
openSUSE Security Update : libarchive (openSUSE-2018-1366)
This update for libarchive fixes the following issues : - CVE-2016-10209: The archivewstringappendfrommbs function in archivestring.c allowed remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted archive file. bsc1032089 - CVE-2016-10349: The...
Ubuntu: Security Advisory (USN-3736-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3736-1: libarchive vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This...
USN-3736-1: libarchive vulnerabilities
It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10209, CVE-2016-10349, CVE-2016-10350 Agostino Sarubbo discovered tha...
MGASA-2017-0337 Updated libarchive packages fix security vulnerability
Heap-based buffer overflow in xmldata in archivereadsupportformatxar.c CVE-2017-14166...
CVE-2017-14166
CVE-2017-14166 affects libarchive and causes a denial of service via a heap-based buffer over-read in the atol8 handling inside archive_read_support_format_xar.c when processing crafted XAR files. This is evidenced across multiple advisories (IBM App Connect Enterprise/Bulletin, IBM MQ/Operator b...
CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...