Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for libarchive fixes the following issues:
Security issues fixed:
- CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653) - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654) - CVE-2018-1000879: Fixed a NULL Pointer Dereference vulnerability in ACL parser (bsc#1120656) - CVE-2018-1000880: Fixed an Improper Input Validation vulnerability in WARC parser (bsc#1120659) - CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341) - CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Development Tools 15:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-831=1
- SUSE Linux Enterprise Module for Basesystem 15:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-831=1
Package List:
- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):