[slackware-security] libarchive

New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.8.6-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: libarchive: fix incompatibility with...

CVE-2025-71072

In the Linux kernel, the following vulnerability has been resolved: shmem: fix recovery on rename failures mapletree insertions can fail if we are seriously short on memory; simpleoffsetrename does not recover well if it runs into that. The same goes for simpleoffsetrenameexchange. Moreover,...

EUVD-2015-8784

Malware in sbrugna...

EUVD-2015-8787

Malware in sbrugna...

EUVD-2016-9527

Malware in sbrugna...

EUVD-2015-8777

Malware in sbrugna...

EUVD-2015-8781

Malware in sbrugna...

EUVD-2016-5301

Malware in sbrugna...

SUSE CVE-2015-8921

The aestrtofflags function in archiveentry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service out-of-bounds read via a crafted mtree file...

SUSE CVE-2015-8925

The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...

SUSE CVE-2015-8928

The processaddentry function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service out-of-bounds read via a crafted mtree file...

SUSE CVE-2015-8931

Multiple integer overflows in the 1 gettimetmax and 2 gettimetmin functions in archivereadsupportformatmtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior...

SUSE CVE-2016-4301

Stack-based buffer overflow in the parsedevice function in archivereadsupportformatmtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file...

SUSE CVE-2016-8688

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service crash via a crafted file, which triggers an invalid read in the 1 detectform or 2 bidentry function in...

Fedora: Security Advisory for gomtree (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: gomtree-0.4.0-12.fc36

Go CLI tool for mtree support...

[SECURITY] Fedora 35 Update: gomtree-0.4.0-11.fc35

Go CLI tool for mtree support...

Fedora: Security Advisory for gomtree (FEDORA-2022-ba365d3703)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: gomtree-0.4.0-11.fc36

Go CLI tool for mtree support...

EulerOS Virtualization 3.0.2.2 : libarchive (EulerOS-SA-2020-1488)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards version v2.8.0 onwards contains a CWE-835: Loop wit...