Bug 1005076 - (CVE-2016-8688) VUL-0: CVE-2016-8688: libarchive: Use after free because of incorrect calculation in next_line
(CVE-2016-8688)
VUL-0: CVE-2016-8688: libarchive: Use after free because of incorrect calcula...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/173642/
CVSSv2:SUSE:CVE-2016-8688:5.1:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-10-17 11:18 UTC by Johannes Segitz
Modified: 2019-11-02 19:09 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2016-10-17 22:02:48 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2016-11-25 15:07:59 UTC
SUSE-SU-2016:2911-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005070,1005072,1005076,986566,989980,998677
CVE References: CVE-2015-2304,CVE-2016-5418,CVE-2016-5844,CVE-2016-6250,CVE-2016-8687,CVE-2016-8688,CVE-2016-8689
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Server 12-SP2 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Server 12-SP1 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libarchive-3.1.2-25.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libarchive-3.1.2-25.1
Comment 3 Swamp Workflow Management 2016-12-05 12:08:12 UTC
openSUSE-SU-2016:3002-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005070,1005072,1005076,986566,989980,998677
CVE References: CVE-2015-2304,CVE-2016-5418,CVE-2016-5844,CVE-2016-6250,CVE-2016-8687,CVE-2016-8688,CVE-2016-8689
Sources used:
openSUSE Leap 42.2 (src):    libarchive-3.1.2-16.1
Comment 4 Swamp Workflow Management 2016-12-05 12:10:51 UTC
openSUSE-SU-2016:3005-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1005070,1005072,1005076,986566,989980,998677
CVE References: CVE-2015-2304,CVE-2016-5418,CVE-2016-5844,CVE-2016-6250,CVE-2016-8687,CVE-2016-8688,CVE-2016-8689
Sources used:
openSUSE Leap 42.1 (src):    libarchive-3.1.2-16.1
Comment 5 Adrian Schröter 2018-10-10 13:24:30 UTC
is done
Comment 8 Marcus Meissner 2019-11-02 19:09:49 UTC
released