VYPR

rpm package

opensuse/bsdtar&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/bsdtar&distro=openSUSE%20Tumbleweed

Vulnerabilities (35)

  • CVE-2016-6250 | High | Sep 21, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.

  • CVE-2016-5844 | Medium | Sep 21, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

  • CVE-2016-5418 | High | Sep 21, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

  • CVE-2016-4809 | High | Sep 21, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

  • CVE-2016-4301 | High | Sep 21, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.

  • CVE-2016-4300 | High | Sep 21, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

  • CVE-2015-8934 | Medium | Sep 20, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

  • CVE-2015-8933 | Medium | Sep 20, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

  • CVE-2015-8928 | Medium | Sep 20, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

  • CVE-2015-8917 | High | Sep 20, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.

  • CVE-2016-1541 | High | May 7, 2016
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.

  • CVE-2015-2304 | Mar 15, 2015
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

  • CVE-2013-0211 | Sep 30, 2013
    affected < 3.2.2-2.1 | fixed 3.2.2-2.1

    Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an i

  • CVE-2007-3641 | Jul 14, 2007
    affected < 3.5.1-1.5 | fixed 3.5.1-1.5

    archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary

  • CVE-2006-5680 | Nov 9, 2006
    affected < 3.5.1-1.5 | fixed 3.5.1-1.5

    The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers a
