SB2012030606 - Fedora EPEL 5 update for libarchive
Published: March 6, 2012
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2010-4666)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.
2) Buffer overflow (CVE-ID: CVE-2011-1777)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
3) Buffer overflow (CVE-ID: CVE-2011-1778)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.
4) Resource management error (CVE-ID: CVE-2011-1779)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.
Remediation
Install update from vendor's website.