SB2018111909 - OpenSUSE Linux update for libarchive

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018111909

SB2018111909 - OpenSUSE Linux update for libarchive

Published: November 10, 2018 Updated: November 19, 2018

Security Bulletin ID SB2018111909
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2017-14501)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to out-of-bounds read condition in the parse_file_info function, as defined in the archive_read_support_format_iso9660.c source code file when extracting ISO 9660 files. A remote attacker can trick the victim into extracting an ISO 9660 file that submits malicious input and cause the service to crash.


2) Off-by-one (CVE-ID: CVE-2017-14502)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to off-by-one error for UTF-16 names in RAR archives. A remote attacker can trigger an out-of-bounds read in archive_read_format_rar_read_header and cause the service to crash.

3) Out-of-bounds read (CVE-ID: CVE-2017-14503)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive. A remote attacker can trigger an out-of-bounds read, related to lha_crc16 and cause the service to crash.

Remediation

Install update from vendor's website.

References