Red Hat Customer Portal

Skip to main content

Security Advisory Important: libarchive security update

Advisory: RHSA-2016:1844-4
Type: Security Advisory
Severity: Important
Issued on: 2016-09-12
Last updated on: 2016-09-12
Affected Products: Red Hat Enterprise Linux Desktop (v. 7)
Red Hat Enterprise Linux HPC Node (v. 7)
Red Hat Enterprise Linux HPC Node EUS (v. 7.2)
Red Hat Enterprise Linux Server (v. 7)
Red Hat Enterprise Linux Server AUS (v. 7.2)
Red Hat Enterprise Linux Server EUS (v. 7.2)
Red Hat Enterprise Linux Server TUS (v. 7.2)
Red Hat Enterprise Linux Workstation (v. 7)
CVEs (cve.mitre.org): CVE-2015-8916
CVE-2015-8917
CVE-2015-8919
CVE-2015-8920
CVE-2015-8921
CVE-2015-8922
CVE-2015-8923
CVE-2015-8924
CVE-2015-8925
CVE-2015-8926
CVE-2015-8928
CVE-2015-8930
CVE-2015-8931
CVE-2015-8932
CVE-2015-8934
CVE-2016-1541
CVE-2016-4300
CVE-2016-4302
CVE-2016-4809
CVE-2016-5418
CVE-2016-5844
CVE-2016-6250
CVE-2016-7166

Details

An update for libarchive is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The libarchive programming library can create and read several different
streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images.
Libarchive is used notably in the bsdtar utility, scripting language bindings
such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* A flaw was found in the way libarchive handled hardlink archive entries of
non-zero size. Combined with flaws in libarchive's file system sandboxing, this
issue could cause an application using libarchive to overwrite arbitrary files
with arbitrary data from the archive. (CVE-2016-5418)

* Multiple out-of-bounds write flaws were found in libarchive. Specially crafted
ZIP, 7ZIP, or RAR files could cause a heap overflow, potentially allowing code
execution in the context of the application using libarchive. (CVE-2016-1541,
CVE-2016-4300, CVE-2016-4302)

* Multiple out-of-bounds read flaws were found in libarchive. Specially crafted
LZA/LZH, AR, MTREE, ZIP, TAR, or RAR files could cause the application to read
data out of bounds, potentially disclosing a small amount of application memory,
or causing an application crash. (CVE-2015-8919, CVE-2015-8920, CVE-2015-8921,
CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928,
CVE-2015-8934)

* Multiple NULL pointer dereference flaws were found in libarchive. Specially
crafted RAR, CAB, or 7ZIP files could cause an application using libarchive to
crash. (CVE-2015-8916, CVE-2015-8917, CVE-2015-8922)

* Multiple infinite loop / resource exhaustion flaws were found in libarchive.
Specially crafted GZIP or ISO files could cause the application to consume an
excessive amount of resources, eventually leading to a crash on memory
exhaustion. (CVE-2016-7166, CVE-2015-8930)

* A denial of service vulnerability was found in libarchive. A specially crafted
CPIO archive containing a symbolic link to a large target path could cause
memory allocation to fail, causing an application using libarchive that
attempted to view or extract such archive to crash. (CVE-2016-4809)

* An integer overflow flaw, leading to a buffer overflow, was found in
libarchive's construction of ISO9660 volumes. Attempting to create an ISO9660
volume with 2 GB or 4 GB file names could cause the application to attempt to
allocate 20 GB of memory. If this were to succeed, it could lead to an out of
bounds write on the heap and potential code execution. (CVE-2016-6250)

* Multiple instances of undefined behavior due to arithmetic overflow were found
in libarchive. Specially crafted MTREE archives, Compress streams, or ISO9660
volumes could potentially cause the application to fail to read the archive, or
to crash. (CVE-2015-8931, CVE-2015-8932, CVE-2016-5844)

Red Hat would like to thank Insomnia Security for reporting CVE-2016-5418.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
libarchive-3.1.2-10.el7_2.src.rpm     MD5: c81d3300cfb7d0046cab486397d2c153
SHA-256: 904ee0157031ad7d0455ae0a391ad8182afac80fae6e137171f1c5009094c7af
 
x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm     MD5: 69dca6f3426b70ccb4ba1adc0df54a81
SHA-256: 30cb7fbfcc3cde575e7360782af8671173623ce9a554950105f9f9adc0293859
bsdtar-3.1.2-10.el7_2.x86_64.rpm     MD5: ba3864bbbae47809c41959025fbceaa4
SHA-256: 4059ee93540f12699bf392c90521d3845914159316faa35a9cf62965dd30e672
libarchive-3.1.2-10.el7_2.i686.rpm     MD5: e1eaaad149cf2c0c0a078d8ff9fdd641
SHA-256: 198ba82ac5b52e7761a69895261bbdde5d6cb61297f419870f58334b518222aa
libarchive-3.1.2-10.el7_2.x86_64.rpm     MD5: e527cf74947be49d86ff0e23012cf6b4
SHA-256: 9bc5fbfb6cdbc862cc5e19ca21a15f04d01586cc5ec935edc4f037c4689eb1ae
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm     MD5: f6a57e96003de7e64fb9491da4422fed
SHA-256: ad65751e4d906a23d8f0526d64d18ca6a0aaa47ec1b134bede562b8bd456d130
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm     MD5: 2f282c0ab0d172abc588006474b834a2
SHA-256: 33a078ff77701ca102eaf6099ad4a821d76afeac0b2a561ed249da9fa82611e1
libarchive-devel-3.1.2-10.el7_2.i686.rpm     MD5: 2e5ea2f00c4e404d553e0a4e2ab6b5f9
SHA-256: 805d3830165f23f0ece4e50963a3fe04ae40d745f69364ee94147feb4c58240e
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm     MD5: 923f2e4271090de75d4c8f29d4224029
SHA-256: d6de069d94c65d835a250b296b1cc4351fec95a5fe03e5800f1cb3b8e8b7b713
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
libarchive-3.1.2-10.el7_2.src.rpm     MD5: c81d3300cfb7d0046cab486397d2c153
SHA-256: 904ee0157031ad7d0455ae0a391ad8182afac80fae6e137171f1c5009094c7af
 
x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm     MD5: 69dca6f3426b70ccb4ba1adc0df54a81
SHA-256: 30cb7fbfcc3cde575e7360782af8671173623ce9a554950105f9f9adc0293859
bsdtar-3.1.2-10.el7_2.x86_64.rpm     MD5: ba3864bbbae47809c41959025fbceaa4
SHA-256: 4059ee93540f12699bf392c90521d3845914159316faa35a9cf62965dd30e672
libarchive-3.1.2-10.el7_2.i686.rpm     MD5: e1eaaad149cf2c0c0a078d8ff9fdd641
SHA-256: 198ba82ac5b52e7761a69895261bbdde5d6cb61297f419870f58334b518222aa
libarchive-3.1.2-10.el7_2.x86_64.rpm     MD5: e527cf74947be49d86ff0e23012cf6b4
SHA-256: 9bc5fbfb6cdbc862cc5e19ca21a15f04d01586cc5ec935edc4f037c4689eb1ae
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm     MD5: f6a57e96003de7e64fb9491da4422fed
SHA-256: ad65751e4d906a23d8f0526d64d18ca6a0aaa47ec1b134bede562b8bd456d130
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm     MD5: 2f282c0ab0d172abc588006474b834a2
SHA-256: 33a078ff77701ca102eaf6099ad4a821d76afeac0b2a561ed249da9fa82611e1
libarchive-devel-3.1.2-10.el7_2.i686.rpm     MD5: 2e5ea2f00c4e404d553e0a4e2ab6b5f9
SHA-256: 805d3830165f23f0ece4e50963a3fe04ae40d745f69364ee94147feb4c58240e
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm     MD5: 923f2e4271090de75d4c8f29d4224029
SHA-256: d6de069d94c65d835a250b296b1cc4351fec95a5fe03e5800f1cb3b8e8b7b713
 
Red Hat Enterprise Linux HPC Node EUS (v. 7.2)

SRPMS:
libarchive-3.1.2-10.el7_2.src.rpm     MD5: c81d3300cfb7d0046cab486397d2c153
SHA-256: 904ee0157031ad7d0455ae0a391ad8182afac80fae6e137171f1c5009094c7af
 
x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm     MD5: 69dca6f3426b70ccb4ba1adc0df54a81
SHA-256: 30cb7fbfcc3cde575e7360782af8671173623ce9a554950105f9f9adc0293859
bsdtar-3.1.2-10.el7_2.x86_64.rpm     MD5: ba3864bbbae47809c41959025fbceaa4
SHA-256: 4059ee93540f12699bf392c90521d3845914159316faa35a9cf62965dd30e672
libarchive-3.1.2-10.el7_2.i686.rpm     MD5: e1eaaad149cf2c0c0a078d8ff9fdd641
SHA-256: 198ba82ac5b52e7761a69895261bbdde5d6cb61297f419870f58334b518222aa
libarchive-3.1.2-10.el7_2.x86_64.rpm     MD5: e527cf74947be49d86ff0e23012cf6b4
SHA-256: 9bc5fbfb6cdbc862cc5e19ca21a15f04d01586cc5ec935edc4f037c4689eb1ae
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm     MD5: f6a57e96003de7e64fb9491da4422fed
SHA-256: ad65751e4d906a23d8f0526d64d18ca6a0aaa47ec1b134bede562b8bd456d130
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm     MD5: 2f282c0ab0d172abc588006474b834a2
SHA-256: 33a078ff77701ca102eaf6099ad4a821d76afeac0b2a561ed249da9fa82611e1
libarchive-devel-3.1.2-10.el7_2.i686.rpm     MD5: 2e5ea2f00c4e404d553e0a4e2ab6b5f9
SHA-256: 805d3830165f23f0ece4e50963a3fe04ae40d745f69364ee94147feb4c58240e
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm     MD5: 923f2e4271090de75d4c8f29d4224029
SHA-256: d6de069d94c65d835a250b296b1cc4351fec95a5fe03e5800f1cb3b8e8b7b713
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
libarchive-3.1.2-10.el7_2.src.rpm     MD5: c81d3300cfb7d0046cab486397d2c153
SHA-256: 904ee0157031ad7d0455ae0a391ad8182afac80fae6e137171f1c5009094c7af
 
PPC:
bsdcpio-3.1.2-10.el7_2.ppc64.rpm     MD5: 40239ccff320ec43509f4d35db808697
SHA-256: c25a1a3d5899f87cbd0b60905689e5df2439307878f0cca6b7b7dde6251749c1
bsdtar-3.1.2-10.el7_2.ppc64.rpm     MD5: 1e8ff7488300b525f79401f2b408d06e
SHA-256: b229c7e9f7b002536f7e7b789bfe21ee1808e0fb9553d30168378e8cafe62d99
libarchive-3.1.2-10.el7_2.ppc.rpm     MD5: bba444ce0551eb716ad94de4aaabecfa
SHA-256: 0f44c86680f197606ad745194377c456882c2dc07276ccadc8ad7a07e9dc0cf8
libarchive-3.1.2-10.el7_2.ppc64.rpm     MD5: 77a198bb73ee85839bb7fa948072af3f
SHA-256: 1aaafb2018d4b4387a07f79886bf15f87eb2f18d8b83bd02d7493502ccdbbe90
libarchive-debuginfo-3.1.2-10.el7_2.ppc.rpm     MD5: 92c4dd996d555206a5803102883e47d0
SHA-256: befb809d0e608cee5a0c7129d9cdee5b20759ba210a5bf4c1009da6d8ea38b44
libarchive-debuginfo-3.1.2-10.el7_2.ppc64.rpm     MD5: 70306960b4b2212a57e7d5bd431ece41
SHA-256: 9af766698122998d99f43ee46ce660d11ec50d78b6c03ce122e7e254f908f01b
libarchive-devel-3.1.2-10.el7_2.ppc.rpm     MD5: 2bb9478b4f591712af0422dcbf73de3e
SHA-256: 63be56ff78cc511bf509ff164f2f5afc0c5b6ec69c0c9f5e36b9bd94bc6d761a
libarchive-devel-3.1.2-10.el7_2.ppc64.rpm     MD5: 533279d72f72a365f5a4094e0d768659
SHA-256: 576cebd7e573ed30fcdda991061156f3fb89950438624e6c8c6b4b0f86143ca6
 
PPC64LE:
bsdcpio-3.1.2-10.el7_2.ppc64le.rpm     MD5: b1e84b3c4f29fc9e452f66184f2f6386
SHA-256: 7d0eb438ff4db61a747f7be8de1d22b61550969c5e89d4439f3e22750d53822e
bsdtar-3.1.2-10.el7_2.ppc64le.rpm     MD5: 9f0e683c62c283baeda5866e0871b911
SHA-256: 252b64e7550ca46e6f37e11c77b511e95a53a0c7c6c12695573cafe5dbddb9b0
libarchive-3.1.2-10.el7_2.ppc64le.rpm     MD5: ea45121a1024af087e02997523df40b2
SHA-256: 4f311f0e25ecd38d2db3b899261875b8f87e49a380eb7ee32d50565a4c757d07
libarchive-debuginfo-3.1.2-10.el7_2.ppc64le.rpm     MD5: 8b735037c42f51f3b6cbe1d6a59f89de
SHA-256: 1f5d4a9b8ca70c881693f47279f3e7f3e2a83f38f80042713ae9a212f1e77e8e
libarchive-devel-3.1.2-10.el7_2.ppc64le.rpm     MD5: 6416d6504fdf893d305a2fff5ac3431f
SHA-256: dbf3d2acae80ef5186b520e61b3adf30b2a438ec138c2836c6863c74e3b97fa2
 
s390x:
bsdcpio-3.1.2-10.el7_2.s390x.rpm     MD5: a0c567bca0739945161a37827e22cc15
SHA-256: 18b86e0e81f51bba0a012af17e2c4df5b2a8063985d8bce2ecce114034d9d3f9
bsdtar-3.1.2-10.el7_2.s390x.rpm     MD5: af912bc9d1328b521d7559db90111746
SHA-256: ac3ed601ae560477633b110703293551ec2ed762ef4570eab922ea084a354ea9
libarchive-3.1.2-10.el7_2.s390.rpm     MD5: c20f5ac1f9f444a2ed7af7255f198aae
SHA-256: 53245a5a9656bc826d948d5126a01948e2f5170f740cf3c5414db9a080cbebd6
libarchive-3.1.2-10.el7_2.s390x.rpm     MD5: b9014683e22076ff057cef2ad70c5c37
SHA-256: 0758d2b7e679ba21bc822bb0e6d7b64be85eda15ff1ca7839fa0be8753217843
libarchive-debuginfo-3.1.2-10.el7_2.s390.rpm     MD5: bd6f5b71495ed7a3e5faab733694c1e5
SHA-256: 41742874c92c9b71793516570e2387a182374f2114c06b975e1e150e9a180f33
libarchive-debuginfo-3.1.2-10.el7_2.s390x.rpm     MD5: df50cb553f55321171e21e40184af2ba
SHA-256: af216d92d67dc934af44107d98db5540f8e94cdecbe2c6a730e19ec1d75adf5d
libarchive-devel-3.1.2-10.el7_2.s390.rpm     MD5: 837d481070f83a58cf2dac1a108e38cd
SHA-256: b5a3c61b50e7842d3fae18c49999233f0cb2db7bc1a76a851d485ecd116aa30f
libarchive-devel-3.1.2-10.el7_2.s390x.rpm     MD5: a3a84903056caf4975afa08c831f5b09
SHA-256: 824e3488b90b1bb5281e86ecb1ce38dc1eb2ddd53fe27d2e6594f89f9e335ffe
 
x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm     MD5: 69dca6f3426b70ccb4ba1adc0df54a81
SHA-256: 30cb7fbfcc3cde575e7360782af8671173623ce9a554950105f9f9adc0293859
bsdtar-3.1.2-10.el7_2.x86_64.rpm     MD5: ba3864bbbae47809c41959025fbceaa4
SHA-256: 4059ee93540f12699bf392c90521d3845914159316faa35a9cf62965dd30e672
libarchive-3.1.2-10.el7_2.i686.rpm     MD5: e1eaaad149cf2c0c0a078d8ff9fdd641
SHA-256: 198ba82ac5b52e7761a69895261bbdde5d6cb61297f419870f58334b518222aa
libarchive-3.1.2-10.el7_2.x86_64.rpm     MD5: e527cf74947be49d86ff0e23012cf6b4
SHA-256: 9bc5fbfb6cdbc862cc5e19ca21a15f04d01586cc5ec935edc4f037c4689eb1ae
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm     MD5: f6a57e96003de7e64fb9491da4422fed
SHA-256: ad65751e4d906a23d8f0526d64d18ca6a0aaa47ec1b134bede562b8bd456d130
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm     MD5: 2f282c0ab0d172abc588006474b834a2
SHA-256: 33a078ff77701ca102eaf6099ad4a821d76afeac0b2a561ed249da9fa82611e1
libarchive-devel-3.1.2-10.el7_2.i686.rpm     MD5: 2e5ea2f00c4e404d553e0a4e2ab6b5f9
SHA-256: 805d3830165f23f0ece4e50963a3fe04ae40d745f69364ee94147feb4c58240e
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm     MD5: 923f2e4271090de75d4c8f29d4224029
SHA-256: d6de069d94c65d835a250b296b1cc4351fec95a5fe03e5800f1cb3b8e8b7b713
 
Red Hat Enterprise Linux Server AUS (v. 7.2)

SRPMS:
libarchive-3.1.2-10.el7_2.src.rpm     MD5: c81d3300cfb7d0046cab486397d2c153
SHA-256: 904ee0157031ad7d0455ae0a391ad8182afac80fae6e137171f1c5009094c7af
 
x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm     MD5: 69dca6f3426b70ccb4ba1adc0df54a81
SHA-256: 30cb7fbfcc3cde575e7360782af8671173623ce9a554950105f9f9adc0293859
bsdtar-3.1.2-10.el7_2.x86_64.rpm     MD5: ba3864bbbae47809c41959025fbceaa4
SHA-256: 4059ee93540f12699bf392c90521d3845914159316faa35a9cf62965dd30e672
libarchive-3.1.2-10.el7_2.i686.rpm     MD5: e1eaaad149cf2c0c0a078d8ff9fdd641
SHA-256: 198ba82ac5b52e7761a69895261bbdde5d6cb61297f419870f58334b518222aa
libarchive-3.1.2-10.el7_2.x86_64.rpm     MD5: e527cf74947be49d86ff0e23012cf6b4
SHA-256: 9bc5fbfb6cdbc862cc5e19ca21a15f04d01586cc5ec935edc4f037c4689eb1ae
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm     MD5: f6a57e96003de7e64fb9491da4422fed
SHA-256: ad65751e4d906a23d8f0526d64d18ca6a0aaa47ec1b134bede562b8bd456d130
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm     MD5: 2f282c0ab0d172abc588006474b834a2
SHA-256: 33a078ff77701ca102eaf6099ad4a821d76afeac0b2a561ed249da9fa82611e1
libarchive-devel-3.1.2-10.el7_2.i686.rpm     MD5: 2e5ea2f00c4e404d553e0a4e2ab6b5f9
SHA-256: 805d3830165f23f0ece4e50963a3fe04ae40d745f69364ee94147feb4c58240e
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm     MD5: 923f2e4271090de75d4c8f29d4224029
SHA-256: d6de069d94c65d835a250b296b1cc4351fec95a5fe03e5800f1cb3b8e8b7b713
 
Red Hat Enterprise Linux Server EUS (v. 7.2)

SRPMS:
libarchive-3.1.2-10.el7_2.src.rpm     MD5: c81d3300cfb7d0046cab486397d2c153
SHA-256: 904ee0157031ad7d0455ae0a391ad8182afac80fae6e137171f1c5009094c7af
 
PPC:
bsdcpio-3.1.2-10.el7_2.ppc64.rpm     MD5: 40239ccff320ec43509f4d35db808697
SHA-256: c25a1a3d5899f87cbd0b60905689e5df2439307878f0cca6b7b7dde6251749c1
bsdtar-3.1.2-10.el7_2.ppc64.rpm     MD5: 1e8ff7488300b525f79401f2b408d06e
SHA-256: b229c7e9f7b002536f7e7b789bfe21ee1808e0fb9553d30168378e8cafe62d99
libarchive-3.1.2-10.el7_2.ppc.rpm     MD5: bba444ce0551eb716ad94de4aaabecfa
SHA-256: 0f44c86680f197606ad745194377c456882c2dc07276ccadc8ad7a07e9dc0cf8
libarchive-3.1.2-10.el7_2.ppc64.rpm     MD5: 77a198bb73ee85839bb7fa948072af3f
SHA-256: 1aaafb2018d4b4387a07f79886bf15f87eb2f18d8b83bd02d7493502ccdbbe90
libarchive-debuginfo-3.1.2-10.el7_2.ppc.rpm     MD5: 92c4dd996d555206a5803102883e47d0
SHA-256: befb809d0e608cee5a0c7129d9cdee5b20759ba210a5bf4c1009da6d8ea38b44
libarchive-debuginfo-3.1.2-10.el7_2.ppc64.rpm     MD5: 70306960b4b2212a57e7d5bd431ece41
SHA-256: 9af766698122998d99f43ee46ce660d11ec50d78b6c03ce122e7e254f908f01b
libarchive-devel-3.1.2-10.el7_2.ppc.rpm     MD5: 2bb9478b4f591712af0422dcbf73de3e
SHA-256: 63be56ff78cc511bf509ff164f2f5afc0c5b6ec69c0c9f5e36b9bd94bc6d761a
libarchive-devel-3.1.2-10.el7_2.ppc64.rpm     MD5: 533279d72f72a365f5a4094e0d768659
SHA-256: 576cebd7e573ed30fcdda991061156f3fb89950438624e6c8c6b4b0f86143ca6
 
PPC64LE:
bsdcpio-3.1.2-10.el7_2.ppc64le.rpm     MD5: b1e84b3c4f29fc9e452f66184f2f6386
SHA-256: 7d0eb438ff4db61a747f7be8de1d22b61550969c5e89d4439f3e22750d53822e
bsdtar-3.1.2-10.el7_2.ppc64le.rpm     MD5: 9f0e683c62c283baeda5866e0871b911
SHA-256: 252b64e7550ca46e6f37e11c77b511e95a53a0c7c6c12695573cafe5dbddb9b0
libarchive-3.1.2-10.el7_2.ppc64le.rpm     MD5: ea45121a1024af087e02997523df40b2
SHA-256: 4f311f0e25ecd38d2db3b899261875b8f87e49a380eb7ee32d50565a4c757d07
libarchive-debuginfo-3.1.2-10.el7_2.ppc64le.rpm     MD5: 8b735037c42f51f3b6cbe1d6a59f89de
SHA-256: 1f5d4a9b8ca70c881693f47279f3e7f3e2a83f38f80042713ae9a212f1e77e8e
libarchive-devel-3.1.2-10.el7_2.ppc64le.rpm     MD5: 6416d6504fdf893d305a2fff5ac3431f
SHA-256: dbf3d2acae80ef5186b520e61b3adf30b2a438ec138c2836c6863c74e3b97fa2
 
s390x:
bsdcpio-3.1.2-10.el7_2.s390x.rpm     MD5: a0c567bca0739945161a37827e22cc15
SHA-256: 18b86e0e81f51bba0a012af17e2c4df5b2a8063985d8bce2ecce114034d9d3f9
bsdtar-3.1.2-10.el7_2.s390x.rpm     MD5: af912bc9d1328b521d7559db90111746
SHA-256: ac3ed601ae560477633b110703293551ec2ed762ef4570eab922ea084a354ea9
libarchive-3.1.2-10.el7_2.s390.rpm     MD5: c20f5ac1f9f444a2ed7af7255f198aae
SHA-256: 53245a5a9656bc826d948d5126a01948e2f5170f740cf3c5414db9a080cbebd6
libarchive-3.1.2-10.el7_2.s390x.rpm     MD5: b9014683e22076ff057cef2ad70c5c37
SHA-256: 0758d2b7e679ba21bc822bb0e6d7b64be85eda15ff1ca7839fa0be8753217843
libarchive-debuginfo-3.1.2-10.el7_2.s390.rpm     MD5: bd6f5b71495ed7a3e5faab733694c1e5
SHA-256: 41742874c92c9b71793516570e2387a182374f2114c06b975e1e150e9a180f33
libarchive-debuginfo-3.1.2-10.el7_2.s390x.rpm     MD5: df50cb553f55321171e21e40184af2ba
SHA-256: af216d92d67dc934af44107d98db5540f8e94cdecbe2c6a730e19ec1d75adf5d
libarchive-devel-3.1.2-10.el7_2.s390.rpm     MD5: 837d481070f83a58cf2dac1a108e38cd
SHA-256: b5a3c61b50e7842d3fae18c49999233f0cb2db7bc1a76a851d485ecd116aa30f
libarchive-devel-3.1.2-10.el7_2.s390x.rpm     MD5: a3a84903056caf4975afa08c831f5b09
SHA-256: 824e3488b90b1bb5281e86ecb1ce38dc1eb2ddd53fe27d2e6594f89f9e335ffe
 
x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm     MD5: 69dca6f3426b70ccb4ba1adc0df54a81
SHA-256: 30cb7fbfcc3cde575e7360782af8671173623ce9a554950105f9f9adc0293859
bsdtar-3.1.2-10.el7_2.x86_64.rpm     MD5: ba3864bbbae47809c41959025fbceaa4
SHA-256: 4059ee93540f12699bf392c90521d3845914159316faa35a9cf62965dd30e672
libarchive-3.1.2-10.el7_2.i686.rpm     MD5: e1eaaad149cf2c0c0a078d8ff9fdd641
SHA-256: 198ba82ac5b52e7761a69895261bbdde5d6cb61297f419870f58334b518222aa
libarchive-3.1.2-10.el7_2.x86_64.rpm     MD5: e527cf74947be49d86ff0e23012cf6b4
SHA-256: 9bc5fbfb6cdbc862cc5e19ca21a15f04d01586cc5ec935edc4f037c4689eb1ae
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm     MD5: f6a57e96003de7e64fb9491da4422fed
SHA-256: ad65751e4d906a23d8f0526d64d18ca6a0aaa47ec1b134bede562b8bd456d130
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm     MD5: 2f282c0ab0d172abc588006474b834a2
SHA-256: 33a078ff77701ca102eaf6099ad4a821d76afeac0b2a561ed249da9fa82611e1
libarchive-devel-3.1.2-10.el7_2.i686.rpm     MD5: 2e5ea2f00c4e404d553e0a4e2ab6b5f9
SHA-256: 805d3830165f23f0ece4e50963a3fe04ae40d745f69364ee94147feb4c58240e
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm     MD5: 923f2e4271090de75d4c8f29d4224029
SHA-256: d6de069d94c65d835a250b296b1cc4351fec95a5fe03e5800f1cb3b8e8b7b713
 
Red Hat Enterprise Linux Server TUS (v. 7.2)

SRPMS:
libarchive-3.1.2-10.el7_2.src.rpm     MD5: c81d3300cfb7d0046cab486397d2c153
SHA-256: 904ee0157031ad7d0455ae0a391ad8182afac80fae6e137171f1c5009094c7af
 
x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm     MD5: 69dca6f3426b70ccb4ba1adc0df54a81
SHA-256: 30cb7fbfcc3cde575e7360782af8671173623ce9a554950105f9f9adc0293859
bsdtar-3.1.2-10.el7_2.x86_64.rpm     MD5: ba3864bbbae47809c41959025fbceaa4
SHA-256: 4059ee93540f12699bf392c90521d3845914159316faa35a9cf62965dd30e672
libarchive-3.1.2-10.el7_2.i686.rpm     MD5: e1eaaad149cf2c0c0a078d8ff9fdd641
SHA-256: 198ba82ac5b52e7761a69895261bbdde5d6cb61297f419870f58334b518222aa
libarchive-3.1.2-10.el7_2.x86_64.rpm     MD5: e527cf74947be49d86ff0e23012cf6b4
SHA-256: 9bc5fbfb6cdbc862cc5e19ca21a15f04d01586cc5ec935edc4f037c4689eb1ae
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm     MD5: f6a57e96003de7e64fb9491da4422fed
SHA-256: ad65751e4d906a23d8f0526d64d18ca6a0aaa47ec1b134bede562b8bd456d130
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm     MD5: 2f282c0ab0d172abc588006474b834a2
SHA-256: 33a078ff77701ca102eaf6099ad4a821d76afeac0b2a561ed249da9fa82611e1
libarchive-devel-3.1.2-10.el7_2.i686.rpm     MD5: 2e5ea2f00c4e404d553e0a4e2ab6b5f9
SHA-256: 805d3830165f23f0ece4e50963a3fe04ae40d745f69364ee94147feb4c58240e
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm     MD5: 923f2e4271090de75d4c8f29d4224029
SHA-256: d6de069d94c65d835a250b296b1cc4351fec95a5fe03e5800f1cb3b8e8b7b713
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
libarchive-3.1.2-10.el7_2.src.rpm     MD5: c81d3300cfb7d0046cab486397d2c153
SHA-256: 904ee0157031ad7d0455ae0a391ad8182afac80fae6e137171f1c5009094c7af
 
x86_64:
bsdcpio-3.1.2-10.el7_2.x86_64.rpm     MD5: 69dca6f3426b70ccb4ba1adc0df54a81
SHA-256: 30cb7fbfcc3cde575e7360782af8671173623ce9a554950105f9f9adc0293859
bsdtar-3.1.2-10.el7_2.x86_64.rpm     MD5: ba3864bbbae47809c41959025fbceaa4
SHA-256: 4059ee93540f12699bf392c90521d3845914159316faa35a9cf62965dd30e672
libarchive-3.1.2-10.el7_2.i686.rpm     MD5: e1eaaad149cf2c0c0a078d8ff9fdd641
SHA-256: 198ba82ac5b52e7761a69895261bbdde5d6cb61297f419870f58334b518222aa
libarchive-3.1.2-10.el7_2.x86_64.rpm     MD5: e527cf74947be49d86ff0e23012cf6b4
SHA-256: 9bc5fbfb6cdbc862cc5e19ca21a15f04d01586cc5ec935edc4f037c4689eb1ae
libarchive-debuginfo-3.1.2-10.el7_2.i686.rpm     MD5: f6a57e96003de7e64fb9491da4422fed
SHA-256: ad65751e4d906a23d8f0526d64d18ca6a0aaa47ec1b134bede562b8bd456d130
libarchive-debuginfo-3.1.2-10.el7_2.x86_64.rpm     MD5: 2f282c0ab0d172abc588006474b834a2
SHA-256: 33a078ff77701ca102eaf6099ad4a821d76afeac0b2a561ed249da9fa82611e1
libarchive-devel-3.1.2-10.el7_2.i686.rpm     MD5: 2e5ea2f00c4e404d553e0a4e2ab6b5f9
SHA-256: 805d3830165f23f0ece4e50963a3fe04ae40d745f69364ee94147feb4c58240e
libarchive-devel-3.1.2-10.el7_2.x86_64.rpm     MD5: 923f2e4271090de75d4c8f29d4224029
SHA-256: d6de069d94c65d835a250b296b1cc4351fec95a5fe03e5800f1cb3b8e8b7b713
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1334211 - CVE-2016-1541 libarchive: zip_read_mac_metadata() heap-based buffer overflow
1347084 - CVE-2016-4809 libarchive: Memory allocate error with symbolic links in cpio archives
1347085 - CVE-2016-6250 libarchive: Buffer overflow when writing large iso9660 containers
1347086 - CVE-2016-7166 libarchive: Denial of service using a crafted gzip file
1348412 - CVE-2015-8916 libarchive: NULL pointer access in RAR parser through bsdtar
1348413 - CVE-2015-8917 libarchive: NULL pointer access in CAB parser
1348414 - CVE-2015-8919 libarchive: Heap out of bounds read in LHA/LZH parser
1348416 - CVE-2015-8920 libarchive: Stack out of bounds read in ar parser
1348419 - CVE-2015-8922 libarchive: NULL pointer access in 7z parser
1348421 - CVE-2015-8924 libarchive: Heap out of bounds read in TAR parser
1348423 - CVE-2015-8925 libarchive: Unclear invalid memory read in mtree parser
1348424 - CVE-2015-8926 libarchive: NULL pointer access in RAR parser
1348429 - CVE-2015-8928 libarchive: Heap out of bounds read in mtree parser
1348439 - CVE-2016-4300 libarchive: Heap buffer overflow vulnerability in the 7zip read_SubStreamsInfo
1348444 - CVE-2016-4302 libarchive: Heap buffer overflow in the Rar decompression functionality
1348772 - CVE-2015-8921 libarchive: Global out of bounds read in mtree parser
1348773 - CVE-2015-8923 libarchive: Unclear crashes in ZIP parser
1348779 - CVE-2015-8931 libarchive: Undefined behavior (signed integer overflow) in mtree parser
1348780 - CVE-2015-8932 libarchive: Undefined behavior / invalid shiftleft in TAR parser
1349204 - CVE-2015-8930 libarchive: Endless loop in ISO parser
1349229 - CVE-2015-8934 libarchive: out of bounds heap read in RAR parser
1350280 - CVE-2016-5844 libarchive: undefined behaviour (integer overflow) in iso parser
1362601 - CVE-2016-5418 libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/