English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.871660
Kategorie:Red Hat Local Security Checks
Titel:RedHat Update for libarchive RHSA-2016:1850-01
Zusammenfassung:The remote host is missing an update for the 'libarchive'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'libarchive'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The libarchive programming library can create
and read several different streaming archive formats, including GNU tar, cpio and
ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting
language bindings such as python-libarchive, and several popular desktop
file managers.

Security Fix(es):

* A flaw was found in the way libarchive handled hardlink archive entries
of non-zero size. Combined with flaws in libarchive's file system
sandboxing, this issue could cause an application using libarchive to
overwrite arbitrary files with arbitrary data from the archive.
(CVE-2016-5418)

* Multiple out-of-bounds read flaws were found in libarchive. Specially
crafted AR or MTREE files could cause the application to read data out of
bounds, potentially disclosing a small amount of application memory, or
causing an application crash. (CVE-2015-8920, CVE-2015-8921)

* A denial of service vulnerability was found in libarchive's handling of
GZIP streams. A crafted GZIP file could cause libarchive to allocate an
excessive amount of memory, eventually leading to a crash. (CVE-2016-7166)

* A denial of service vulnerability was found in libarchive. A specially
crafted CPIO archive containing a symbolic link to a large target path
could cause memory allocation to fail, causing an application using
libarchive that attempted to view or extract such archive to crash.
(CVE-2016-4809)

* Multiple instances of undefined behavior due to arithmetic overflow were
found in libarchive. Specially crafted Compress streams or ISO9660 volumes
could potentially cause the application to fail to read the archive, or to
crash. (CVE-2015-8932, CVE-2016-5844)

Red Hat would like to thank Insomnia Security for reporting CVE-2016-5418.

Affected Software/OS:
libarchive on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-8920
BugTraq ID: 91301
http://www.securityfocus.com/bid/91301
Debian Security Information: DSA-3657 (Google Search)
http://www.debian.org/security/2016/dsa-3657
https://security.gentoo.org/glsa/201701-03
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
http://www.openwall.com/lists/oss-security/2016/06/17/2
http://www.openwall.com/lists/oss-security/2016/06/17/5
RedHat Security Advisories: RHSA-2016:1844
http://rhn.redhat.com/errata/RHSA-2016-1844.html
RedHat Security Advisories: RHSA-2016:1850
http://rhn.redhat.com/errata/RHSA-2016-1850.html
SuSE Security Announcement: SUSE-SU-2016:1909 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html
http://www.ubuntu.com/usn/USN-3033-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-8921
BugTraq ID: 91307
http://www.securityfocus.com/bid/91307
Common Vulnerability Exposure (CVE) ID: CVE-2015-8932
BugTraq ID: 91424
http://www.securityfocus.com/bid/91424
Common Vulnerability Exposure (CVE) ID: CVE-2016-4809
BugTraq ID: 91813
http://www.securityfocus.com/bid/91813
Common Vulnerability Exposure (CVE) ID: CVE-2016-5418
BugTraq ID: 93165
http://www.securityfocus.com/bid/93165
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
http://www.openwall.com/lists/oss-security/2016/08/09/2
RedHat Security Advisories: RHSA-2016:1852
https://access.redhat.com/errata/RHSA-2016:1852
RedHat Security Advisories: RHSA-2016:1853
https://access.redhat.com/errata/RHSA-2016:1853
Common Vulnerability Exposure (CVE) ID: CVE-2016-5844
BugTraq ID: 91808
http://www.securityfocus.com/bid/91808
https://blog.fuzzing-project.org/48-Out-of-bounds-read-and-signed-integer-overflow-in-libarchive.html
http://www.openwall.com/lists/oss-security/2016/06/23/6
http://www.openwall.com/lists/oss-security/2016/06/24/4
http://www.securitytracker.com/id/1036173
Common Vulnerability Exposure (CVE) ID: CVE-2016-7166
BugTraq ID: 92901
http://www.securityfocus.com/bid/92901
http://www.openwall.com/lists/oss-security/2016/09/08/15
http://www.openwall.com/lists/oss-security/2016/09/08/18
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.