VYPR

rpm package

suse/bsdtar&distro=SUSE Linux Enterprise Server 11 SP2-LTSS

pkg:rpm/suse/bsdtar&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Vulnerabilities (7)

  • CVE-2016-4809HigSep 21, 2016
    affected < 2.5.5-9.1fixed 2.5.5-9.1

    The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

  • CVE-2015-8929MedSep 20, 2016
    affected < 2.5.5-9.1fixed 2.5.5-9.1

    Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

  • CVE-2015-8924MedSep 20, 2016
    affected < 2.5.5-9.1fixed 2.5.5-9.1

    The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

  • CVE-2015-8921HigSep 20, 2016
    affected < 2.5.5-9.1fixed 2.5.5-9.1

    The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

  • CVE-2015-8920MedSep 20, 2016
    affected < 2.5.5-9.1fixed 2.5.5-9.1

    The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

  • CVE-2015-8918HigSep 20, 2016
    affected < 2.5.5-9.1fixed 2.5.5-9.1

    The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."

  • CVE-2015-2304Mar 15, 2015
    affected < 2.5.5-9.1fixed 2.5.5-9.1

    Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.