65 matches found
libarchive security and bug fix update
3.3.2-7 - fix use-after-free in delayed newc link processing 1602575 - fix a few obvious resource leaks and strcpy misuses 1602575 3.3.2-6 - fixed use after free in RAR decoder 1700752 - fixed double free in RAR decoder 1700753 3.3.2-5 - release bump due to gating 1680768 3.3.2-4 - fix...
libarchive: Use after free in RAR decoder resulting in a denial of service
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0 onwards contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archivereadsupportformatrar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be...
libarchive: Double free in RAR decoder resulting in a denial of service
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0 onwards contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archivereadsupportformatrar.c, parsecodes, reallocrar-lzss.window, newsize with newsize = 0 that can result in Crash/DoS. Thi...
Moderate: Red Hat Security Advisory: libarchive security and bug fix update
An update for libarchive is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Medium: libarchive
Issue Overview: libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16.CVE-2017-14503 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0...
bsdcpio, bsdtar, libarchive security update
CentOS Errata and Security Advisory CESA-2019:2298 An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...
Security fix for the ALT Linux 10 package libarchive version 3.4.0-alt1
Aug. 22, 2019 Aleksei Nikiforov 3.4.0-alt1 - Updated to upstream version 3.4.0. - Fixes: + CVE-2018-1000877 Double Free vulnerability in RAR decoder + CVE-2018-1000878 Use After Free vulnerability in RAR decoder + CVE-2018-1000879 NULL Pointer Dereference vulnerability in ACL parser +...
libarchive security update
3.1.2-12 - fixed use after free in RAR decoder 1700749 - fixed double free in RAR decoder 1700748 3.1.2-11 - fix out-of-bounds read within lhareaddatanone CVE-2017-14503 - fix crash on crafted 7zip archives CVE-2019-1000019 - fix infinite loop in ISO9660 CVE-2019-1000020...
Denial Of Service (DoS)
libarchive is vulnerable to denial of service DoS. It is possible due to use after free in RAR decoder...
libarchive: Double free in RAR decoder resulting in a denial of service
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0 onwards contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archivereadsupportformatrar.c, parsecodes, reallocrar-lzss.window, newsize with newsize = 0 that can result in Crash/DoS. Thi...
CVE-2018-10115
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service segmentation fault or execute arbitrary code via a crafted RAR archive...
EulerOS Virtualization for ARM 64 3.0.1.0 : libarchive (EulerOS-SA-2019-1390)
According to the versions of the libarchive package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0 onwards contains a CWE-41...
openSUSE Security Update : libarchive (openSUSE-2019-1196)
This update for libarchive fixes the following issues : Security issues fixed : - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653 - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654 - CVE-2018-1000879: Fixed a NULL pointer Dereference...
OPENSUSE-SU-2019:1196-1 Security update for libarchive
This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653 - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654 - CVE-2018-1000879: Fixed a NULL Pointer Dereference...
Security update for libarchive (moderate)
openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:1196-1 Rating: moderate References: 1120653 1120654 1120656 1120659 1124341 1124342 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880 CVE-2019-1000019 CVE-2019-1000020...
SUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2019:0831-1)
This update for libarchive fixes the following issues : Security issues fixed : CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653 CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654 CVE-2018-1000879: Fixed a NULL pointer Dereference...
SUSE-SU-2019:0831-1 Security update for libarchive
This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653 - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654 - CVE-2018-1000879: Fixed a NULL Pointer Dereference...
EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-1094)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0 onwards contains a CWE-415: Double Free vulnerabili...
EulerOS 2.0 SP5 : libarchive (EulerOS-SA-2019-1067)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0 onwards contains a CWE-415: Double Free vulnerabili...
CVE-2018-1000877
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0 onwards contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archivereadsupportformatrar.c, parsecodes, reallocrar-lzss.window, newsize with newsize = 0 that can result in Crash/DoS. Thi...