Advisories ยป MGASA-2016-0239

Updated libarchive packages fix security vulnerability

Publication date: 05 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8934 , CVE-2016-4300 , CVE-2016-4301 , CVE-2016-4302

Description

An out of bounds read in the rar parser: invalid read in function
copy_from_lzss_window() when unpacking malformed rar (CVE-2015-8934).

An exploitable heap overflow vulnerability exists in the 7zip
read_SubStreamsInfo functionality of libarchive. A specially crafted 7zip
file can cause a integer overflow resulting in memory corruption that can
lead to code execution. An attacker can send a malformed file to trigger
this vulnerability (CVE-2016-4300).

An exploitable stack based buffer overflow vulnerability exists in the
mtree parse_device functionality of libarchive. A specially crafted mtree
file can cause a buffer overflow resulting in memory corruption/code
execution. An attacker can send a malformed file to trigger this
vulnerability (CVE-2016-4301).

An exploitable heap overflow vulnerability exists in the Rar decompression
functionality of libarchive. A specially crafted Rar file can cause a heap
corruption eventually leading to code execution. An attacker can send a
malformed file to trigger this vulnerability (CVE-2016-4302).

A signed integer overflow in iso parser: integer overflow when computing
location of volume descriptor (CVE-2016-5844).

The libarchive package has been updated to version 3.2.1, fixing those
issues and other bugs.
                

References

SRPMS

5/core