| Errata ID | 392 |
|---|---|
| Date | 2019-01-09 |
| Source package | libarchive |
| Fixed in version | 3.2.2-2+deb9u1 |
| Description | This update addresses the following issues: * NULL pointer dereference in archive_wstring_append_from_mbs function (CVE-2016-10209) * Heap-based buffer over-read in the archive_le32dec function (CVE-2016-10349) * Heap-based buffer over-read in the archive_read_format_cab_read_header function (CVE-2016-10350) * Heap-based buffer over-read in the atol8 function (CVE-2017-14166) * Out-of-bounds read in parse_file_info (CVE-2017-14501) * Off-by-one error in the read_header function (CVE-2017-14502) * Out-of-bounds read in lha_read_data_none (CVE-2017-14503) * libarchive contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. (CVE-2018-1000877) * libarchive contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. (CVE-2018-1000878) * libarchive contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. (CVE-2018-1000880) |
| Additional notes | |
| CVE ID | CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000880 |
| UCS Bug number | #48408 |
