[월:] 2016년 09월

CVE-2015-8930 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8930 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

Source: CVE-2015-8930 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8929 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit)

Posted on by admin

CVE-2015-8929 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit)

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

Source: CVE-2015-8929 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit)

CVE-2015-8928 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8928 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

Source: CVE-2015-8928 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8926 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8926 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.

Source: CVE-2015-8926 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8925 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8925 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.

Source: CVE-2015-8925 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8924 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8924 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

Source: CVE-2015-8924 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8923 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8923 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

Source: CVE-2015-8923 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8922 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8922 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

The read_CodersInfo cuntion in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer derference and crash) via a crafted 7z file, related to the _7z_folder struct.

Source: CVE-2015-8922 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8921 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8921 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

Source: CVE-2015-8921 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)