libarchive: Multiple vulnerabilities
Multiple vulnerabilities have been found in libarchive, the worst
of which allows for the remote execution of arbitrary code.
libarchive
2017-01-01
2017-01-01
548110
552646
582526
586086
586182
596568
598950
remote
3.2.2
3.2.2
libarchive is a library for manipulating different streaming archive
formats, including certain tar variants, several cpio formats, and both
BSD and GNU ar variants.
Multiple vulnerabilities have been discovered in libarchive. Please
review the CVE identifiers referenced below for details.
A remote attacker could entice a user to open a specially crafted
archive file possibly resulting in the execution of arbitrary code with
the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All libarchive users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.2.2"
CVE-2015-2304
CVE-2015-8915
CVE-2015-8916
CVE-2015-8917
CVE-2015-8918
CVE-2015-8919
CVE-2015-8920
CVE-2015-8921
CVE-2015-8922
CVE-2015-8923
CVE-2015-8924
CVE-2015-8925
CVE-2015-8926
CVE-2015-8927
CVE-2015-8928
CVE-2015-8929
CVE-2015-8930
CVE-2015-8931
CVE-2015-8932
CVE-2015-8933
CVE-2015-8934
CVE-2016-1541
CVE-2016-4300
CVE-2016-4301
CVE-2016-4302
CVE-2016-4809
CVE-2016-5418
CVE-2016-5844
CVE-2016-6250
CVE-2016-7166
CVE-2016-8687
CVE-2016-8688
CVE-2016-8689
b-man
b-man