suse-su-2018:0862-1
Vulnerability from csaf_suse
Published
2018-04-03 15:16
Modified
2018-04-03 15:16
Summary
Security update for unrar
Notes
Title of the patch
Security update for unrar
Description of the patch
This update for unrar to version 5.6.1 fixes several issues.
These security issues were fixed:
- CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal
protection mechanism via vectors involving a symlink to the . directory, a
symlink to the .. directory, and a regular file (bsc#1054038).
- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call
within the Archive::ReadHeader15 function (bsc#1054038).
- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20
function (bsc#1054038).
- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function
(bsc#1054038).
These non-security issues were fixed:
- Added extraction support for .LZ archives created by Lzip compressor
- Enable unpacking of files in ZIP archives compressed with XZ algorithm and
encrypted with AES
- Added support for PAX extended headers inside of TAR archive
- If RAR recovery volumes (.rev files) are present in the same folder as usual
RAR volumes, archive test command verifies .rev contents after completing
testing .rar files
- By default unrar skips symbolic links with absolute paths in link target when
extracting unless -ola command line switch is specified
- Added support for AES-NI CPU instructions
- Support for a new RAR 5.0 archiving format
- Wildcard exclusion mask for folders
- Added libunrar* and libunrar*-devel subpackages (bsc#513804)
- Prevent conditional jumps depending on uninitialised values (bsc#1046882)
Patchnames
slessp4-unrar-13542
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for unrar",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for unrar to version 5.6.1 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal\n protection mechanism via vectors involving a symlink to the . directory, a\n symlink to the .. directory, and a regular file (bsc#1054038).\n- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call\n within the Archive::ReadHeader15 function (bsc#1054038).\n- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20\n function (bsc#1054038).\n- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function\n (bsc#1054038).\n\nThese non-security issues were fixed:\n\n- Added extraction support for .LZ archives created by Lzip compressor\n- Enable unpacking of files in ZIP archives compressed with XZ algorithm and\n encrypted with AES\n- Added support for PAX extended headers inside of TAR archive\n- If RAR recovery volumes (.rev files) are present in the same folder as usual\n RAR volumes, archive test command verifies .rev contents after completing\n testing .rar files\n- By default unrar skips symbolic links with absolute paths in link target when\n extracting unless -ola command line switch is specified\n- Added support for AES-NI CPU instructions \n- Support for a new RAR 5.0 archiving format\n- Wildcard exclusion mask for folders\n- Added libunrar* and libunrar*-devel subpackages (bsc#513804)\n- Prevent conditional jumps depending on uninitialised values (bsc#1046882)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-unrar-13542",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0862-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0862-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0862-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003863.html"
},
{
"category": "self",
"summary": "SUSE Bug 1046882",
"url": "https://bugzilla.suse.com/1046882"
},
{
"category": "self",
"summary": "SUSE Bug 1054038",
"url": "https://bugzilla.suse.com/1054038"
},
{
"category": "self",
"summary": "SUSE Bug 513804",
"url": "https://bugzilla.suse.com/513804"
},
{
"category": "self",
"summary": "SUSE Bug 693890",
"url": "https://bugzilla.suse.com/693890"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-6706 page",
"url": "https://www.suse.com/security/cve/CVE-2012-6706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12938 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12940 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12941 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12942 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12942/"
}
],
"title": "Security update for unrar",
"tracking": {
"current_release_date": "2018-04-03T15:16:58Z",
"generator": {
"date": "2018-04-03T15:16:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0862-1",
"initial_release_date": "2018-04-03T15:16:58Z",
"revision_history": [
{
"date": "2018-04-03T15:16:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "unrar-5.6.1-5.3.1.i586",
"product": {
"name": "unrar-5.6.1-5.3.1.i586",
"product_id": "unrar-5.6.1-5.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "unrar-5.6.1-5.3.1.ia64",
"product": {
"name": "unrar-5.6.1-5.3.1.ia64",
"product_id": "unrar-5.6.1-5.3.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "unrar-5.6.1-5.3.1.ppc64",
"product": {
"name": "unrar-5.6.1-5.3.1.ppc64",
"product_id": "unrar-5.6.1-5.3.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "unrar-5.6.1-5.3.1.s390x",
"product": {
"name": "unrar-5.6.1-5.3.1.s390x",
"product_id": "unrar-5.6.1-5.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "unrar-5.6.1-5.3.1.x86_64",
"product": {
"name": "unrar-5.6.1-5.3.1.x86_64",
"product_id": "unrar-5.6.1-5.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "unrar-5.6.1-5.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586"
},
"product_reference": "unrar-5.6.1-5.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unrar-5.6.1-5.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64"
},
"product_reference": "unrar-5.6.1-5.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unrar-5.6.1-5.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64"
},
"product_reference": "unrar-5.6.1-5.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unrar-5.6.1-5.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x"
},
"product_reference": "unrar-5.6.1-5.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unrar-5.6.1-5.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64"
},
"product_reference": "unrar-5.6.1-5.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unrar-5.6.1-5.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586"
},
"product_reference": "unrar-5.6.1-5.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unrar-5.6.1-5.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64"
},
"product_reference": "unrar-5.6.1-5.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unrar-5.6.1-5.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64"
},
"product_reference": "unrar-5.6.1-5.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unrar-5.6.1-5.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x"
},
"product_reference": "unrar-5.6.1-5.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unrar-5.6.1-5.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
},
"product_reference": "unrar-5.6.1-5.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-6706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-6706"
}
],
"notes": [
{
"category": "general",
"text": "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-6706",
"url": "https://www.suse.com/security/cve/CVE-2012-6706"
},
{
"category": "external",
"summary": "SUSE Bug 1045315 for CVE-2012-6706",
"url": "https://bugzilla.suse.com/1045315"
},
{
"category": "external",
"summary": "SUSE Bug 1045490 for CVE-2012-6706",
"url": "https://bugzilla.suse.com/1045490"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2012-6706",
"url": "https://bugzilla.suse.com/1053919"
},
{
"category": "external",
"summary": "SUSE Bug 1083915 for CVE-2012-6706",
"url": "https://bugzilla.suse.com/1083915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-03T15:16:58Z",
"details": "moderate"
}
],
"title": "CVE-2012-6706"
},
{
"cve": "CVE-2017-12938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12938"
}
],
"notes": [
{
"category": "general",
"text": "UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12938",
"url": "https://www.suse.com/security/cve/CVE-2017-12938"
},
{
"category": "external",
"summary": "SUSE Bug 1054038 for CVE-2017-12938",
"url": "https://bugzilla.suse.com/1054038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-03T15:16:58Z",
"details": "moderate"
}
],
"title": "CVE-2017-12938"
},
{
"cve": "CVE-2017-12940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12940"
}
],
"notes": [
{
"category": "general",
"text": "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12940",
"url": "https://www.suse.com/security/cve/CVE-2017-12940"
},
{
"category": "external",
"summary": "SUSE Bug 1054038 for CVE-2017-12940",
"url": "https://bugzilla.suse.com/1054038"
},
{
"category": "external",
"summary": "SUSE Bug 1196772 for CVE-2017-12940",
"url": "https://bugzilla.suse.com/1196772"
},
{
"category": "external",
"summary": "SUSE Bug 1196774 for CVE-2017-12940",
"url": "https://bugzilla.suse.com/1196774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-03T15:16:58Z",
"details": "moderate"
}
],
"title": "CVE-2017-12940"
},
{
"cve": "CVE-2017-12941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12941"
}
],
"notes": [
{
"category": "general",
"text": "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12941",
"url": "https://www.suse.com/security/cve/CVE-2017-12941"
},
{
"category": "external",
"summary": "SUSE Bug 1054038 for CVE-2017-12941",
"url": "https://bugzilla.suse.com/1054038"
},
{
"category": "external",
"summary": "SUSE Bug 1196772 for CVE-2017-12941",
"url": "https://bugzilla.suse.com/1196772"
},
{
"category": "external",
"summary": "SUSE Bug 1196774 for CVE-2017-12941",
"url": "https://bugzilla.suse.com/1196774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-03T15:16:58Z",
"details": "moderate"
}
],
"title": "CVE-2017-12941"
},
{
"cve": "CVE-2017-12942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12942"
}
],
"notes": [
{
"category": "general",
"text": "libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12942",
"url": "https://www.suse.com/security/cve/CVE-2017-12942"
},
{
"category": "external",
"summary": "SUSE Bug 1054038 for CVE-2017-12942",
"url": "https://bugzilla.suse.com/1054038"
},
{
"category": "external",
"summary": "SUSE Bug 1054600 for CVE-2017-12942",
"url": "https://bugzilla.suse.com/1054600"
},
{
"category": "external",
"summary": "SUSE Bug 1196772 for CVE-2017-12942",
"url": "https://bugzilla.suse.com/1196772"
},
{
"category": "external",
"summary": "SUSE Bug 1196774 for CVE-2017-12942",
"url": "https://bugzilla.suse.com/1196774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-03T15:16:58Z",
"details": "moderate"
}
],
"title": "CVE-2017-12942"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…