[slackware-security] libarchive

New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.8.6-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: libarchive: fix incompatibility with...

SUSE CVE-2015-8925

The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...

libarchive: Heap out of bounds read in mtree parser

A vulnerability was found in libarchive. A specially crafted MTREE file could cause a limited out-of-bounds read, potentially disclosing contents of application memory...

libarchive: Undefined behavior (signed integer overflow) in mtree parser

Undefined behavior signed integer overflow was discovered in libarchive, in the MTREE parser's calculation of maximum and minimum dates. A crafted mtree file could potentially cause denial of service...

libarchive: Unclear invalid memory read in mtree parser

A vulnerability was found in libarchive. A specially crafted MTREE file could cause a small out-of-bounds read, potentially disclosing a small amount of application memory...

libarchive: Global out of bounds read in mtree parser

A vulnerability was found in libarchive. A specially crafted mtree file could cause libarchive to read beyond a statically declared structure, potentially disclosing application memory...

libarchive: Global out of bounds read in mtree parser

A vulnerability was found in libarchive. A specially crafted mtree file could cause libarchive to read beyond a statically declared structure, potentially disclosing application memory...

openSUSE Security Update : libarchive (openSUSE-2016-969)

libarchive was updated to fix 20 security issues. These security issues were fixed : - CVE-2015-8918: Overlapping memcpy in CAB parser bsc985698. - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser bsc985697. - CVE-2015-8920: Stack out of bounds read in ar parser bsc985675. - CVE-2015-8921...

CVE-2015-8931

Undefined behavior signed integer overflow was discovered in libarchive, in the MTREE parser's calculation of maximum and minimum dates. A crafted mtree file could potentially cause denial of service...

libarchive mtree parser heap out-of-bounds read vulnerability

libarchive is a multi-format archive and compression library. A security vulnerability exists in libarchive's mtree parser that can be exploited by an attacker to cause a heap out-of-bounds read...

libarchive mtree parser out-of-bounds read vulnerability

libarchive is a multi-format archive and compression library. A security vulnerability exists in libarchive's mtree parser that can be exploited by an attacker to cause an out-of-bounds read...

Unspecified vulnerability in libarchive mtree parser

libarchive is a multi-format archive and compression library. A security vulnerability exists in libarchive's mtree parser that can be exploited by an attacker to cause an invalid memory read...

libarchive mtree parser integer overflow vulnerability

libarchive is a multi-format archive and compression library. A security vulnerability exists in libarchive's mtree parser. An attacker can exploit this vulnerability to perform undefined operations, resulting in an integer overflow...