Bug 1005076 (CVE-2016-8688)

Summary: VUL-0: CVE-2016-8688: libarchive: Use after free because of incorrect calculation in next_line
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/173642/
Whiteboard: CVSSv2:SUSE:CVE-2016-8688:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-8688:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 1 Swamp Workflow Management 2016-10-17 22:02:48 UTC 
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2016-11-25 15:07:59 UTC 
SUSE-SU-2016:2911-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005070,1005072,1005076,986566,989980,998677
CVE References: CVE-2015-2304,CVE-2016-5418,CVE-2016-5844,CVE-2016-6250,CVE-2016-8687,CVE-2016-8688,CVE-2016-8689
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Server 12-SP2 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Server 12-SP1 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libarchive-3.1.2-25.1
Comment 3 Swamp Workflow Management 2016-12-05 12:08:12 UTC 
openSUSE-SU-2016:3002-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005070,1005072,1005076,986566,989980,998677
CVE References: CVE-2015-2304,CVE-2016-5418,CVE-2016-5844,CVE-2016-6250,CVE-2016-8687,CVE-2016-8688,CVE-2016-8689
Sources used:
openSUSE Leap 42.2 (src):    libarchive-3.1.2-16.1
Comment 4 Swamp Workflow Management 2016-12-05 12:10:51 UTC 
openSUSE-SU-2016:3005-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005070,1005072,1005076,986566,989980,998677
CVE References: CVE-2015-2304,CVE-2016-5418,CVE-2016-5844,CVE-2016-6250,CVE-2016-8687,CVE-2016-8688,CVE-2016-8689
Sources used:
openSUSE Leap 42.1 (src):    libarchive-3.1.2-16.1
Comment 5 Adrian Schröter 2018-10-10 13:24:30 UTC 
is done
Comment 8 Marcus Meissner 2019-11-02 19:09:49 UTC 
released