Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

libarchive vulnerabilities

Related Vulnerabilities: CVE-2015-8916   CVE-2015-8917   CVE-2015-8919   CVE-2015-8920   CVE-2015-8921   CVE-2015-8922   CVE-2015-8923   CVE-2015-8924   CVE-2015-8925   CVE-2015-8926   CVE-2015-8928   CVE-2015-8930   CVE-2015-8931   CVE-2015-8932   CVE-2015-8933   CVE-2015-8934   CVE-2016-5844   CVE-2016-4300   CVE-2016-4302   CVE-2016-4809  

libarchive could be made to crash or run programs if it opened a specially crafted file.

Hanno Böck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8916, CVE-2015-8917 CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934, CVE-2016-5844)

Source

14 July 2016

libarchive vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

libarchive could be made to crash or run programs if it opened a specially crafted file.

Software Description

  • libarchive - Library to read/write archive files

Details

Hanno Böck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8916, CVE-2015-8917 CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934, CVE-2016-5844)

Marcin “Icewall” Noga discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4300, CVE-2016-4302)

It was discovered that libarchive incorrectly handled memory allocation with large cpio symlinks. A remote attacker could use this issue to possibly cause libarchive to crash, resulting in a denial of service. (CVE-2016-4809)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libarchive13 - 3.1.2-11ubuntu0.16.04.2
Ubuntu 15.10
libarchive13 - 3.1.2-11ubuntu0.15.10.2
Ubuntu 14.04 LTS
libarchive13 - 3.1.2-7ubuntu2.3
Ubuntu 12.04 LTS
libarchive12 - 3.0.3-6ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started