Security Advisory Moderate: libarchive security update

Advisory: RHSA-2011:1507-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-12-01
Last updated on: 2011-12-01
Affected Products:
    Red Hat Enterprise Linux Desktop (v. 6)
    Red Hat Enterprise Linux HPC Node (v. 6)
    Red Hat Enterprise Linux Server (v. 6)
    Red Hat Enterprise Linux Server EUS (v. 6.1.z)
    Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-1777, CVE-2011-1778

Details

Updated libarchive packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The libarchive programming library can create and read several different
streaming archive formats, including GNU tar and cpio. It can also read ISO
9660 CD-ROM images.

Two heap-based buffer overflow flaws were discovered in libarchive. If a
user were tricked into expanding a specially-crafted ISO 9660 CD-ROM image
or tar archive with an application using libarchive, it could cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2011-1777,
CVE-2011-1778)

All libarchive users should upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications using libarchive must be restarted for this update to take
effect.
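
A check for the restart requirement above, as an added example that is not part of Red Hat's advisory: it lists processes whose memory map still references a libarchive shared object that has been replaced on disk. The function names, library path, PIDs and the sample /proc tree are constructed for illustration.

```shell
#!/bin/sh
# List processes that still map a libarchive shared object which has been
# replaced on disk. After the package update the old file is unlinked, so
# /proc/PID/maps shows its path with a trailing " (deleted)".

# stale_libarchive_maps [PROC_ROOT]  ->  prints "PID PATH" per stale mapping
stale_libarchive_maps() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # process exited or not readable
        pid="${maps%/maps}"; pid="${pid##*/}"
        # Field 6 of a maps line is the backing file; report each path once.
        awk -v pid="$pid" '
            /\/libarchive\.so[^ ]* \(deleted\)$/ {
                if (!($6 in seen)) { seen[$6] = 1; print pid, $6 }
            }' "$maps" 2>/dev/null
    done
}

# Constructed sample: a fake /proc tree (paths and PIDs are made up).
build_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/100" "$root/200" "$root/300"
    # PID 100 started before the update: old library, now deleted.
    printf '%s\n' \
      '7f10a000-7f13b000 r-xp 00000000 fd:00 1111 /usr/lib64/libarchive.so.2.8.3 (deleted)' \
      '7f33b000-7f33e000 rw-p 00031000 fd:00 1111 /usr/lib64/libarchive.so.2.8.3 (deleted)' \
      > "$root/100/maps"
    # PID 200 was restarted after the update: library still on disk.
    printf '%s\n' \
      '7f20a000-7f23b000 r-xp 00000000 fd:00 2222 /usr/lib64/libarchive.so.2.8.3' \
      > "$root/200/maps"
    # PID 300 does not use libarchive; its deleted mapping is unrelated.
    printf '%s\n' \
      '7f30a000-7f30b000 r-xp 00000000 fd:00 3333 /tmp/scratch.so (deleted)' \
      > "$root/300/maps"
    echo "$root"
}

sample=$(build_sample_proc)
stale_libarchive_maps "$sample"      # run against the constructed tree
rm -rf "$sample"
# On a real host, as root: stale_libarchive_maps /proc
```

Any PID reported on a live system belongs to a process that loaded libarchive before the update and is still running the old code until it is restarted.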


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
libarchive-2.8.3-3.el6_1.src.rpm
File outdated by:  RHBA-2012:0464

IA-32:
libarchive-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464

x86_64:
libarchive-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
libarchive-2.8.3-3.el6_1.src.rpm
File outdated by:  RHBA-2012:0464

x86_64:
libarchive-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
libarchive-2.8.3-3.el6_1.src.rpm
File outdated by:  RHBA-2012:0464

IA-32:
libarchive-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464

PPC:
libarchive-2.8.3-3.el6_1.ppc.rpm
File outdated by:  RHBA-2012:0464
libarchive-2.8.3-3.el6_1.ppc64.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.ppc.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.ppc64.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.ppc.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.ppc64.rpm
File outdated by:  RHBA-2012:0464

s390x:
libarchive-2.8.3-3.el6_1.s390.rpm
File outdated by:  RHBA-2012:0464
libarchive-2.8.3-3.el6_1.s390x.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.s390.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.s390x.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.s390.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.s390x.rpm
File outdated by:  RHBA-2012:0464

x86_64:
libarchive-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
libarchive-2.8.3-3.el6_1.src.rpm
File outdated by:  RHBA-2012:0464

IA-32:
libarchive-2.8.3-3.el6_1.i686.rpm
libarchive-debuginfo-2.8.3-3.el6_1.i686.rpm
libarchive-devel-2.8.3-3.el6_1.i686.rpm

PPC:
libarchive-2.8.3-3.el6_1.ppc.rpm
libarchive-2.8.3-3.el6_1.ppc64.rpm
libarchive-debuginfo-2.8.3-3.el6_1.ppc.rpm
libarchive-debuginfo-2.8.3-3.el6_1.ppc64.rpm
libarchive-devel-2.8.3-3.el6_1.ppc.rpm
libarchive-devel-2.8.3-3.el6_1.ppc64.rpm

s390x:
libarchive-2.8.3-3.el6_1.s390.rpm
libarchive-2.8.3-3.el6_1.s390x.rpm
libarchive-debuginfo-2.8.3-3.el6_1.s390.rpm
libarchive-debuginfo-2.8.3-3.el6_1.s390x.rpm
libarchive-devel-2.8.3-3.el6_1.s390.rpm
libarchive-devel-2.8.3-3.el6_1.s390x.rpm

x86_64:
libarchive-2.8.3-3.el6_1.i686.rpm
libarchive-2.8.3-3.el6_1.x86_64.rpm
libarchive-debuginfo-2.8.3-3.el6_1.i686.rpm
libarchive-debuginfo-2.8.3-3.el6_1.x86_64.rpm
libarchive-devel-2.8.3-3.el6_1.i686.rpm
libarchive-devel-2.8.3-3.el6_1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
libarchive-2.8.3-3.el6_1.src.rpm
File outdated by:  RHBA-2012:0464

IA-32:
libarchive-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464

x86_64:
libarchive-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-debuginfo-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.i686.rpm
File outdated by:  RHBA-2012:0464
libarchive-devel-2.8.3-3.el6_1.x86_64.rpm
File outdated by:  RHBA-2012:0464
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

705849 - CVE-2010-4666 CVE-2011-1777 CVE-2011-1778 CVE-2011-1779 Libarchive multiple security issues


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/