SUSE-SU-2019:14233-1: moderate: Security update for bsdtar
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Nov 27 10:17:23 MST 2019
SUSE Security Update: Security update for bsdtar
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:14233-1
Rating: moderate
References: #1005070 #1059139 #985601 #985706
Cross-References: CVE-2015-8915 CVE-2015-8925 CVE-2016-8687
CVE-2017-14503
Affected Products:
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for bsdtar fixes the following issues:
- CVE-2015-8915: Fixed an invalid read which could have allowed remote
attackers to cause a denial of service (bsc#985601).
- CVE-2015-8925: Fixed an invalid read which could have allowed remote
attackers to cause a denial of service (bsc#985706).
- CVE-2017-14503: Fixed an out of bounds read within lha_read_data_none()
in archive_read_support_format_lha.c (bsc#1059139).
- CVE-2016-8687: Fixed a buffer overflow when printing a filename
(bsc#1005070).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-bsdtar-14233=1
Package List:
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
bsdtar-debuginfo-2.5.5-10.8.1
bsdtar-debugsource-2.5.5-10.8.1
References:
https://www.suse.com/security/cve/CVE-2015-8915.html
https://www.suse.com/security/cve/CVE-2015-8925.html
https://www.suse.com/security/cve/CVE-2016-8687.html
https://www.suse.com/security/cve/CVE-2017-14503.html
https://bugzilla.suse.com/1005070
https://bugzilla.suse.com/1059139
https://bugzilla.suse.com/985601
https://bugzilla.suse.com/985706
More information about the sle-security-updates
mailing list