Security update for libarchive SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3675-1 Final 1 1 2024-10-16T17:33:32Z current 2024-10-16T17:33:32Z 2024-10-16T17:33:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libarchive This update for libarchive fixes the following issues: - CVE-2024-48957: Fixed out-of-bounds access in execute_filter_audio in archive_read_support_format_rar.c (bsc#1231544). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/spack:0.23-2024-3675,Container bci/spack:latest-2024-3675,Container containers/pytorch:2-nvidia-2024-3675,Container containers/pytorch:2.5.0-2024-3675,Container suse/manager/5.0/x86_64/server:latest-2024-3675,Image SLES15-SP6-SAP-2024-3675,Image SLES15-SP6-SAP-Azure-2024-3675,Image SLES15-SP6-SAP-EC2-2024-3675,Image SLES15-SP6-SAP-GCE-2024-3675,Image SLES15-SP6-SAPCAL-2024-3675,Image SLES15-SP6-SAPCAL-Azure-2024-3675,Image SLES15-SP6-SAPCAL-EC2-2024-3675,Image SLES15-SP6-SAPCAL-GCE-2024-3675,Image ai_15_6-2024-3675,Image server-image-2024-3675,SUSE-2024-3675,SUSE-SLE-Module-Basesystem-15-SP6-2024-3675,SUSE-SLE-Module-Development-Tools-15-SP6-2024-3675,openSUSE-SLE-15.6-2024-3675 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243675-1/ Link for SUSE-SU-2024:3675-1 https://lists.suse.com/pipermail/sle-updates/2024-October/037297.html E-Mail link for SUSE-SU-2024:3675-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1231544 SUSE Bug 1231544 https://www.suse.com/security/cve/CVE-2024-48957/ SUSE CVE CVE-2024-48957 page Container bci/spack:0.23 Container bci/spack:latest Container containers/pytorch:2-nvidia Container containers/pytorch:2.5.0 Container suse/manager/5.0/x86_64/server:latest Image SLES15-SP6-SAP Image SLES15-SP6-SAP-Azure Image SLES15-SP6-SAP-EC2 Image SLES15-SP6-SAP-GCE Image SLES15-SP6-SAPCAL Image SLES15-SP6-SAPCAL-Azure Image SLES15-SP6-SAPCAL-EC2 Image SLES15-SP6-SAPCAL-GCE Image ai_15_6 Image server-image SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Development Tools 15 SP6 openSUSE Leap 15.6 libarchive13-3.7.2-150600.3.6.1 bsdtar-3.7.2-150600.3.6.1 libarchive-devel-3.7.2-150600.3.6.1 libarchive13-32bit-3.7.2-150600.3.6.1 libarchive13-64bit-3.7.2-150600.3.6.1 libarchive13-3.7.2-150600.3.6.1 as a component of Container bci/spack:0.23 libarchive13-3.7.2-150600.3.6.1 as a component of Container bci/spack:latest libarchive13-3.7.2-150600.3.6.1 as a component of Container containers/pytorch:2-nvidia libarchive13-3.7.2-150600.3.6.1 as a component of Container containers/pytorch:2.5.0 libarchive13-3.7.2-150600.3.6.1 as a component of Container suse/manager/5.0/x86_64/server:latest libarchive13-3.7.2-150600.3.6.1 as a component of Image SLES15-SP6-SAP libarchive13-3.7.2-150600.3.6.1 as a component of Image SLES15-SP6-SAP-Azure libarchive13-3.7.2-150600.3.6.1 as a component of Image SLES15-SP6-SAP-EC2 libarchive13-3.7.2-150600.3.6.1 as a component of Image SLES15-SP6-SAP-GCE libarchive13-3.7.2-150600.3.6.1 as a component of Image SLES15-SP6-SAPCAL libarchive13-3.7.2-150600.3.6.1 as a component of Image SLES15-SP6-SAPCAL-Azure libarchive13-3.7.2-150600.3.6.1 as a component of Image SLES15-SP6-SAPCAL-EC2 libarchive13-3.7.2-150600.3.6.1 as a component of Image SLES15-SP6-SAPCAL-GCE libarchive13-3.7.2-150600.3.6.1 as a component of Image ai_15_6 libarchive13-3.7.2-150600.3.6.1 as a component of Image server-image libarchive-devel-3.7.2-150600.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libarchive13-3.7.2-150600.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 bsdtar-3.7.2-150600.3.6.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 bsdtar-3.7.2-150600.3.6.1 as a component of openSUSE Leap 15.6 libarchive-devel-3.7.2-150600.3.6.1 as a component of openSUSE Leap 15.6 libarchive13-3.7.2-150600.3.6.1 as a component of openSUSE Leap 15.6 libarchive13-32bit-3.7.2-150600.3.6.1 as a component of openSUSE Leap 15.6 execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. CVE-2024-48957 Container bci/spack:0.23:libarchive13-3.7.2-150600.3.6.1 Container bci/spack:latest:libarchive13-3.7.2-150600.3.6.1 Container containers/pytorch:2-nvidia:libarchive13-3.7.2-150600.3.6.1 Container containers/pytorch:2.5.0:libarchive13-3.7.2-150600.3.6.1 Container suse/manager/5.0/x86_64/server:latest:libarchive13-3.7.2-150600.3.6.1 Image SLES15-SP6-SAP-Azure:libarchive13-3.7.2-150600.3.6.1 Image SLES15-SP6-SAP-EC2:libarchive13-3.7.2-150600.3.6.1 Image SLES15-SP6-SAP-GCE:libarchive13-3.7.2-150600.3.6.1 Image SLES15-SP6-SAP:libarchive13-3.7.2-150600.3.6.1 Image SLES15-SP6-SAPCAL-Azure:libarchive13-3.7.2-150600.3.6.1 Image SLES15-SP6-SAPCAL-EC2:libarchive13-3.7.2-150600.3.6.1 Image SLES15-SP6-SAPCAL-GCE:libarchive13-3.7.2-150600.3.6.1 Image SLES15-SP6-SAPCAL:libarchive13-3.7.2-150600.3.6.1 Image ai_15_6:libarchive13-3.7.2-150600.3.6.1 Image server-image:libarchive13-3.7.2-150600.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive-devel-3.7.2-150600.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libarchive13-3.7.2-150600.3.6.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:bsdtar-3.7.2-150600.3.6.1 openSUSE Leap 15.6:bsdtar-3.7.2-150600.3.6.1 openSUSE Leap 15.6:libarchive-devel-3.7.2-150600.3.6.1 openSUSE Leap 15.6:libarchive13-3.7.2-150600.3.6.1 openSUSE Leap 15.6:libarchive13-32bit-3.7.2-150600.3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243675-1/ https://www.suse.com/security/cve/CVE-2024-48957.html CVE-2024-48957 https://bugzilla.suse.com/1231543 SUSE Bug 1231543