An out-of-bounds read in the RAR parser: invalid read in function copy_from_lzss_window() when unpacking a malformed RAR file (CVE-2015-8934).
An exploitable heap overflow vulnerability exists in the 7zip read_SubStreamsInfo functionality of libarchive. A specially crafted 7zip file can cause an integer overflow resulting in memory corruption that can lead to code execution. An attacker can send a malformed file to trigger this vulnerability (CVE-2016-4300).
An exploitable stack-based buffer overflow vulnerability exists in the mtree parse_device functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this vulnerability (CVE-2016-4301).
An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause heap corruption, eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability (CVE-2016-4302).
A signed integer overflow in the ISO parser: integer overflow when computing the location of the volume descriptor (CVE-2016-5844).
The libarchive package has been updated to version 3.2.1, fixing these issues and other bugs.
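
The bug class named in the CVE-2016-4300 entry (an integer overflow that leads to an undersized heap allocation), shown as an added example that is not libarchive's code and not part of the original advisory. It is a simplified model: the function names, the `MAX_STREAMS` cap and the sample counts are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical model: each folder in a container declares how many
 * substreams it holds, and the parser sizes one table for all of them. */

/* Unchecked: the 32-bit total wraps silently (unsigned wrap is defined in
 * C), so a table sized from it is far smaller than the declared data. */
uint32_t total_streams_unchecked(const uint32_t *counts, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += counts[i];
    return total;
}

#define MAX_STREAMS 100000000u /* constructed cap, not a libarchive value */
/* Checked: reject input whose total would exceed the cap (and so could
 * never wrap). Returns 0 and stores the total, or -1 on malformed input. */
int total_streams_checked(const uint32_t *counts, size_t n, uint32_t *out)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (counts[i] > MAX_STREAMS - total)
            return -1;
        total += counts[i];
    }
    *out = total;
    return 0;
}

/* Allocate the table only after the count is validated; calloc also
 * checks the count * element-size multiplication. */
uint64_t *alloc_stream_sizes(const uint32_t *counts, size_t n, uint32_t *total)
{
    if (total_streams_checked(counts, n, total) != 0 || *total == 0)
        return NULL;
    return calloc(*total, sizeof(uint64_t));
}

int main(void)
{
    /* Constructed sample: two declared counts whose 32-bit sum wraps to 1. */
    const uint32_t bad[] = { 0x80000000u, 0x80000001u };
    uint32_t total = 0;
    return alloc_stream_sizes(bad, 2, &total) == NULL ? 0 : 1;
}
```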