Updated libarchive packages fix security vulnerability
Publication date: 05 Jul 2016Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8934 , CVE-2016-4300 , CVE-2016-4301 , CVE-2016-4302
Description
An out of bounds read in the rar parser: invalid read in function copy_from_lzss_window() when unpacking malformed rar (CVE-2015-8934). An exploitable heap overflow vulnerability exists in the 7zip read_SubStreamsInfo functionality of libarchive. A specially crafted 7zip file can cause a integer overflow resulting in memory corruption that can lead to code execution. An attacker can send a malformed file to trigger this vulnerability (CVE-2016-4300). An exploitable stack based buffer overflow vulnerability exists in the mtree parse_device functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this vulnerability (CVE-2016-4301). An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability (CVE-2016-4302). A signed integer overflow in iso parser: integer overflow when computing location of volume descriptor (CVE-2016-5844). The libarchive package has been updated to version 3.2.1, fixing those issues and other bugs.
References
- https://bugs.mageia.org/show_bug.cgi?id=18769
- https://github.com/libarchive/libarchive/issues/521
- http://www.talosintel.com/reports/TALOS-2016-0152
- http://www.talosintel.com/reports/TALOS-2016-0153
- http://www.talosintel.com/reports/TALOS-2016-0154
- https://bugzilla.redhat.com/show_bug.cgi?id=1349229
- https://bugzilla.redhat.com/show_bug.cgi?id=1348439
- https://bugzilla.redhat.com/show_bug.cgi?id=1348441
- https://bugzilla.redhat.com/show_bug.cgi?id=1348444
- http://openwall.com/lists/oss-security/2016/06/23/6
- https://groups.google.com/forum/#!msg/libarchive-discuss/sui01WaM3ic/WhAgI4ylAwAJ
- http://openwall.com/lists/oss-security/2016/06/24/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4301
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302
SRPMS
5/core
- libarchive-3.2.1-1.mga5