Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29337
HistoryMay 06, 2013 - 12:00 a.m.

[ MDVSA-2013:147 ] libarchive

2013-05-0600:00:00
vulners.com
12
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2013:147
http://www.mandriva.com/en/support/security/

Package : libarchive
Date : April 19, 2013
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

A vulnerability has been found and corrected in libarchive:

Fabian Yamaguchi reported a read buffer overflow flaw in
libarchive on 64-bit systems where sizeof(size_t) is equal
to 8. In the archive_write_zip_data() function in libarchive/
archive_write_set_format_zip.c, the "s" parameter is of type size_t
(64 bit, unsigned) and is cast to a 64 bit signed integer. If "s" is
larger than MAX_INT, it will not be set to "zip->remaining_data_bytes"
even though it is larger than "zip->remaining_data_bytes", which
leads to a buffer overflow when calling deflate(). This can lead to a
segfault in an application that uses libarchive to create ZIP archives
(CVE-2013-0211).

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0119

Updated Packages:

Mandriva Enterprise Server 5:
db7909eb958a090af3abeec3e4427f20 mes5/i586/bsdtar-2.5.5-1.2mdvmes5.2.i586.rpm
8ce2a7ce2501bb7bd6a53e3dffd8fd31 mes5/i586/libarchive2-2.5.5-1.2mdvmes5.2.i586.rpm
ba4c4e8717271abf9f2228886617409c mes5/i586/libarchive-devel-2.5.5-1.2mdvmes5.2.i586.rpm
52d76a6e66d3e63c981b947dc8d58f50 mes5/SRPMS/libarchive-2.5.5-1.2mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
f922a9da676ae2d2de2f717bd5841c73 mes5/x86_64/bsdtar-2.5.5-1.2mdvmes5.2.x86_64.rpm
4218a2812e89dc233b1e1eeb6f407e44 mes5/x86_64/lib64archive2-2.5.5-1.2mdvmes5.2.x86_64.rpm
a928fa095d7cf3f3ef5c4338b1fba506 mes5/x86_64/lib64archive-devel-2.5.5-1.2mdvmes5.2.x86_64.rpm
52d76a6e66d3e63c981b947dc8d58f50 mes5/SRPMS/libarchive-2.5.5-1.2mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
05b377385a447c33cd6e85efeeaa4fd0 mbs1/x86_64/bsdcpio-3.0.3-2.1.mbs1.x86_64.rpm
3ff28cd1ce2047a8dfed99a978d238a2 mbs1/x86_64/bsdtar-3.0.3-2.1.mbs1.x86_64.rpm
4adb27059351ae756462e9e25c87e11e mbs1/x86_64/lib64archive12-3.0.3-2.1.mbs1.x86_64.rpm
52850e175df3b0b48a307d87c7b5f3ea mbs1/x86_64/lib64archive-devel-3.0.3-2.1.mbs1.x86_64.rpm
890acf6fa9dafa2303be49bc1d42bdf1 mbs1/SRPMS/libarchive-3.0.3-2.1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRcTdymqjQ0CJFipgRAs/4AKC3K7COuqRwVL6Ecq8yZ8chXthyWQCg04Q5
PRlg9lwbUt4q80+7fmRJ8Kk=
=jL85
-----END PGP SIGNATURE-----

Related

fedora 4
prion 1
openvas 13
securityvulns 1
debiancve 1
freebsd_advisory 1
altlinux 1
nessus 12
cve 1
ubuntucve 1
freebsd 1
ubuntu 1
gentoo 1
fedora
fedora
[SECURITY] Fedora 17 Update: libarchive-3.0.4-3.fc17
2013-04-12 22:27:24
[SECURITY] Fedora 18 Update: mingw-libarchive-3.0.4-4.fc18
2013-04-08 00:22:17
[SECURITY] Fedora 17 Update: mingw-libarchive-3.0.4-4.fc17
2013-04-08 00:26:15
prion
prion
Integer overflow
2013-09-30 22:55:00
openvas
openvas
Fedora Update for mingw-libarchive FEDORA-2013-4592
2013-04-08 00:00:00
Fedora Update for libarchive FEDORA-2013-4522
2013-04-15 00:00:00
Fedora Update for libarchive FEDORA-2013-4537
2013-04-15 00:00:00
securityvulns
securityvulns
libarchive integer overflow
2013-05-06 00:00:00
debiancve
debiancve
CVE-2013-0211
2013-09-30 22:55:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:23.libarchive
2016-05-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libarchive version 3.1.2-alt2
2015-08-05 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : libarchive (MDVSA-2013:147)
2013-04-20 00:00:00
Fedora 17 : mingw-libarchive-3.0.4-4.fc17 (2013-4576)
2013-04-08 00:00:00
Fedora 17 : libarchive-3.0.4-3.fc17 (2013-4522)
2013-04-13 00:00:00
cve
cve
CVE-2013-0211
2013-09-30 22:55:00
ubuntucve
ubuntucve
CVE-2013-0211
2013-03-25 00:00:00
freebsd
freebsd
libarchive -- multiple vulnerabilities
2012-12-06 00:00:00
ubuntu
ubuntu
libarchive vulnerabilities
2015-03-25 00:00:00
gentoo
gentoo
libarchive: Multiple vulnerabilities
2014-06-01 00:00:00
JSON
Related for SECURITYVULNS:DOC:29337
fedora4prion1openvas13securityvulns1debiancve1freebsd_advisory1altlinux1nessus12cve1ubuntucve1freebsd1ubuntu1gentoo1