UbuntuUpdates.org

Bugs fixes in "libarchive"

Origin Bug number Title Date fixed
CVE CVE-2017-14503 libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially craf 2018-08-13
CVE CVE-2017-14501 An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted 2018-08-13
CVE CVE-2017-14503 libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially craf 2018-08-13
CVE CVE-2017-14501 An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted 2018-08-13
CVE CVE-2017-5601 An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-o 2017-03-09
CVE CVE-2016-8689 The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bound 2017-03-09
CVE CVE-2016-8688 The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial 2017-03-09
CVE CVE-2016-8687 Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a 2017-03-09
CVE CVE-2016-7166 libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory con 2017-03-09
CVE CVE-2016-6250 Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute 2017-03-09
CVE CVE-2016-5418 The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to 2017-03-09
CVE CVE-2017-5601 An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-o 2017-03-09
CVE CVE-2016-8689 The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bound 2017-03-09
CVE CVE-2016-8688 The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial 2017-03-09
CVE CVE-2016-8687 Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a 2017-03-09
CVE CVE-2016-7166 libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory con 2017-03-09
CVE CVE-2016-6250 Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute 2017-03-09
CVE CVE-2016-5418 The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to 2017-03-09
CVE CVE-2017-5601 An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-o 2017-03-09
CVE CVE-2016-8689 The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bound 2017-03-09



About   -   Send Feedback to @ubuntu_updates