Gentoo Archives: gentoo-commits

From: "Sean Amoss (ackle)" <ackle@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201406-02.xml
Date: Sun, 01 Jun 2014 15:11:20
Message-Id: 20140601151115.44FFE2004E@flycatcher.gentoo.org
1 ackle 14/06/01 15:11:15
2
3 Added: glsa-201406-02.xml
4 Log:
5 GLSA 201406-02
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-201406-02.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201406-02.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201406-02.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-201406-02.xml
14 ===================================================================
15 <?xml version="1.0" encoding="UTF-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19 <glsa id="201406-02">
20 <title>libarchive: Multiple vulnerabilities</title>
21 <synopsis>Multiple vulnerabilities have been found in libarchive, some of
22 which may allow execution of arbitrary code.
23 </synopsis>
24 <product type="ebuild">libarchive</product>
25 <announced>June 01, 2014</announced>
26 <revised>June 01, 2014: 1</revised>
27 <bug>366687</bug>
28 <bug>463632</bug>
29 <access>remote</access>
30 <affected>
31 <package name="app-arch/libarchive" auto="yes" arch="*">
32 <unaffected range="ge">3.1.2-r1</unaffected>
33 <vulnerable range="lt">3.1.2-r1</vulnerable>
34 </package>
35 </affected>
36 <background>
37 <p>libarchive is a library for manipulating different streaming archive
38 formats, including certain tar variants, several cpio formats, and both
39 BSD and GNU ar variants.
40 </p>
41 </background>
42 <description>
43 <p>Multiple vulnerabilities have been discovered in libarchive. Please
44 review the CVE identifiers referenced below for details.
45 </p>
46 </description>
47 <impact type="normal">
48 <p>A remote attacker could entice a user or automated process to open a
49 specially crafted archive using an application linked against libarchive,
50 possibly resulting in execution of arbitrary code with the privileges of
51 the process or a Denial of Service condition.
52 </p>
53 </impact>
54 <workaround>
55 <p>There is no known workaround at this time.</p>
56 </workaround>
57 <resolution>
58 <p>All libarchive users should upgrade to the latest version:</p>
59
60 <code>
61 # emerge --sync
62 # emerge --ask --oneshot --verbose "&gt;=app-arch/libarchive-3.1.2-r1"
63 </code>
64
65 <p>Packages which depend on this library may need to be recompiled. Tools
66 such as revdep-rebuild may assist in identifying some of these packages.
67 </p>
68 </resolution>
69 <references>
70 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4666">CVE-2010-4666</uri>
71 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1777">CVE-2011-1777</uri>
72 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1778">CVE-2011-1778</uri>
73 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1779">CVE-2011-1779</uri>
74 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0211">CVE-2013-0211</uri>
75 </references>
76 <metadata tag="requester" timestamp="Sun, 22 Jan 2012 19:10:06 +0000">
77 underling
78 </metadata>
79 <metadata tag="submitter" timestamp="Sun, 01 Jun 2014 15:10:38 +0000">ackle</metadata>
80 </glsa>