Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2017-12940
Vulnerability from cvelistv5
Published
2017-08-18 14:00
Modified
2024-08-05 18:51
Severity ?
EPSS score ?
Summary
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T18:51:07.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201709-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-08-18T00:00:00", descriptions: [ { lang: "en", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201709-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-12940", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://seclists.org/oss-sec/2017/q3/290", refsource: "MISC", url: "http://seclists.org/oss-sec/2017/q3/290", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201709-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-12940", datePublished: "2017-08-18T14:00:00", dateReserved: "2017-08-18T00:00:00", dateUpdated: "2024-08-05T18:51:07.230Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2017-12940\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-08-18T14:29:00.437\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.\"},{\"lang\":\"es\",\"value\":\"libunrar.a en UnRAR en versiones anteriores a la 5.5.7 tiene un problema de lectura fuera de los límites de la memoria en la llamada EncodeFileName::Decode en la función Archive::ReadHeader15.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.5.6\",\"matchCriteriaId\":\"4FBF68E6-20E3-4B2A-A07B-F8E8D3037F82\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/oss-sec/2017/q3/290\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content&id=SB10241\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201709-24\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/oss-sec/2017/q3/290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content&id=SB10241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201709-24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
gsd-2017-12940
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
Aliases
Aliases
{ GSD: { alias: "CVE-2017-12940", description: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", id: "GSD-2017-12940", references: [ "https://www.suse.com/security/cve/CVE-2017-12940.html", "https://advisories.mageia.org/CVE-2017-12940.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2017-12940", ], details: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", id: "GSD-2017-12940", modified: "2023-12-13T01:21:03.591279Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-12940", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://seclists.org/oss-sec/2017/q3/290", refsource: "MISC", url: "http://seclists.org/oss-sec/2017/q3/290", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { name: "GLSA-201709-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201709-24", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "5.5.6", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-12940", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-125", }, ], }, ], }, references: { reference_data: [ { name: "http://seclists.org/oss-sec/2017/q3/290", refsource: "MISC", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { name: "GLSA-201709-24", refsource: "GENTOO", tags: [], url: "https://security.gentoo.org/glsa/201709-24", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", refsource: "CONFIRM", tags: [], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, }, }, lastModifiedDate: "2018-06-16T01:29Z", publishedDate: "2017-08-18T14:29Z", }, }, }
suse-su-2021:2834-1
Vulnerability from csaf_suse
Published
2021-08-25 10:26
Modified
2021-08-25 10:26
Summary
Security update for unrar
Notes
Title of the patch
Security update for unrar
Description of the patch
This update for unrar to version 5.6.1 fixes several issues.
These security issues were fixed:
- CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal
protection mechanism via vectors involving a symlink to the . directory, a
symlink to the .. directory, and a regular file (bsc#1054038).
- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call
within the Archive::ReadHeader15 function (bsc#1054038).
- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20
function (bsc#1054038).
- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function
(bsc#1054038).
- CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974).
These non-security issues were fixed:
- Added extraction support for .LZ archives created by Lzip compressor
- Enable unpacking of files in ZIP archives compressed with XZ algorithm and
encrypted with AES
- Added support for PAX extended headers inside of TAR archive
- If RAR recovery volumes (.rev files) are present in the same folder as usual
RAR volumes, archive test command verifies .rev contents after completing
testing .rar files
- By default unrar skips symbolic links with absolute paths in link target when
extracting unless -ola command line switch is specified
- Added support for AES-NI CPU instructions
- Support for a new RAR 5.0 archiving format
- Wildcard exclusion mask for folders
- Prevent conditional jumps depending on uninitialised values (bsc#1046882)
Patchnames
SUSE-2021-2834,SUSE-OpenStack-Cloud-8-2021-2834,SUSE-OpenStack-Cloud-9-2021-2834,SUSE-OpenStack-Cloud-Crowbar-9-2021-2834,SUSE-SLE-SAP-12-SP3-2021-2834,SUSE-SLE-SAP-12-SP4-2021-2834,SUSE-SLE-SDK-12-SP5-2021-2834,SUSE-SLE-SERVER-12-SP2-BCL-2021-2834,SUSE-SLE-SERVER-12-SP3-2021-2834,SUSE-SLE-SERVER-12-SP3-BCL-2021-2834,SUSE-SLE-SERVER-12-SP4-LTSS-2021-2834,SUSE-SLE-SERVER-12-SP5-2021-2834
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for unrar", title: "Title of the patch", }, { category: "description", text: "This update for unrar to version 5.6.1 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal\n protection mechanism via vectors involving a symlink to the . directory, a\n symlink to the .. directory, and a regular file (bsc#1054038).\n- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call\n within the Archive::ReadHeader15 function (bsc#1054038).\n- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20\n function (bsc#1054038).\n- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function\n (bsc#1054038).\n- CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974).\n\nThese non-security issues were fixed:\n\n- Added extraction support for .LZ archives created by Lzip compressor\n- Enable unpacking of files in ZIP archives compressed with XZ algorithm and\n encrypted with AES\n- Added support for PAX extended headers inside of TAR archive\n- If RAR recovery volumes (.rev files) are present in the same folder as usual\n RAR volumes, archive test command verifies .rev contents after completing\n testing .rar files\n- By default unrar skips symbolic links with absolute paths in link target when\n extracting unless -ola command line switch is specified\n- Added support for AES-NI CPU instructions\n- Support for a new RAR 5.0 archiving format\n- Wildcard exclusion mask for folders\n- Prevent conditional jumps depending on uninitialised values (bsc#1046882)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-2834,SUSE-OpenStack-Cloud-8-2021-2834,SUSE-OpenStack-Cloud-9-2021-2834,SUSE-OpenStack-Cloud-Crowbar-9-2021-2834,SUSE-SLE-SAP-12-SP3-2021-2834,SUSE-SLE-SAP-12-SP4-2021-2834,SUSE-SLE-SDK-12-SP5-2021-2834,SUSE-SLE-SERVER-12-SP2-BCL-2021-2834,SUSE-SLE-SERVER-12-SP3-2021-2834,SUSE-SLE-SERVER-12-SP3-BCL-2021-2834,SUSE-SLE-SERVER-12-SP4-LTSS-2021-2834,SUSE-SLE-SERVER-12-SP5-2021-2834", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2834-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:2834-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20212834-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:2834-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009355.html", }, { category: "self", summary: "SUSE Bug 1046882", url: "https://bugzilla.suse.com/1046882", }, { category: "self", summary: "SUSE Bug 1054038", url: "https://bugzilla.suse.com/1054038", }, { category: "self", summary: "SUSE Bug 1187974", url: "https://bugzilla.suse.com/1187974", }, { category: "self", summary: "SUSE CVE CVE-2012-6706 page", url: "https://www.suse.com/security/cve/CVE-2012-6706/", }, { category: "self", summary: "SUSE CVE CVE-2017-12938 page", url: "https://www.suse.com/security/cve/CVE-2017-12938/", }, { category: "self", summary: "SUSE CVE CVE-2017-12940 page", url: "https://www.suse.com/security/cve/CVE-2017-12940/", }, { category: "self", summary: "SUSE CVE CVE-2017-12941 page", url: "https://www.suse.com/security/cve/CVE-2017-12941/", }, { category: "self", summary: "SUSE CVE CVE-2017-12942 page", url: "https://www.suse.com/security/cve/CVE-2017-12942/", }, { category: "self", summary: "SUSE CVE CVE-2017-20006 page", url: "https://www.suse.com/security/cve/CVE-2017-20006/", }, ], title: "Security update for unrar", tracking: { current_release_date: "2021-08-25T10:26:54Z", generator: { date: "2021-08-25T10:26:54Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:2834-1", initial_release_date: "2021-08-25T10:26:54Z", revision_history: [ { date: "2021-08-25T10:26:54Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libunrar-devel-5.6.1-4.5.1.aarch64", product: { name: "libunrar-devel-5.6.1-4.5.1.aarch64", product_id: "libunrar-devel-5.6.1-4.5.1.aarch64", }, }, { category: "product_version", name: "libunrar5_6_1-5.6.1-4.5.1.aarch64", product: { name: "libunrar5_6_1-5.6.1-4.5.1.aarch64", product_id: "libunrar5_6_1-5.6.1-4.5.1.aarch64", }, }, { category: "product_version", name: "unrar-5.6.1-4.5.1.aarch64", product: { name: "unrar-5.6.1-4.5.1.aarch64", product_id: "unrar-5.6.1-4.5.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libunrar-devel-5.6.1-4.5.1.i586", product: { name: "libunrar-devel-5.6.1-4.5.1.i586", product_id: "libunrar-devel-5.6.1-4.5.1.i586", }, }, { category: "product_version", name: "libunrar5_6_1-5.6.1-4.5.1.i586", product: { name: "libunrar5_6_1-5.6.1-4.5.1.i586", product_id: "libunrar5_6_1-5.6.1-4.5.1.i586", }, }, { category: "product_version", name: "unrar-5.6.1-4.5.1.i586", product: { name: "unrar-5.6.1-4.5.1.i586", product_id: "unrar-5.6.1-4.5.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libunrar-devel-5.6.1-4.5.1.ppc64le", product: { name: "libunrar-devel-5.6.1-4.5.1.ppc64le", product_id: "libunrar-devel-5.6.1-4.5.1.ppc64le", }, }, { category: "product_version", name: "libunrar5_6_1-5.6.1-4.5.1.ppc64le", product: { name: "libunrar5_6_1-5.6.1-4.5.1.ppc64le", product_id: "libunrar5_6_1-5.6.1-4.5.1.ppc64le", }, }, { category: "product_version", name: "unrar-5.6.1-4.5.1.ppc64le", product: { name: "unrar-5.6.1-4.5.1.ppc64le", product_id: "unrar-5.6.1-4.5.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libunrar-devel-5.6.1-4.5.1.s390", product: { name: "libunrar-devel-5.6.1-4.5.1.s390", product_id: "libunrar-devel-5.6.1-4.5.1.s390", }, }, { category: "product_version", name: "libunrar5_6_1-5.6.1-4.5.1.s390", product: { name: "libunrar5_6_1-5.6.1-4.5.1.s390", product_id: "libunrar5_6_1-5.6.1-4.5.1.s390", }, }, { category: "product_version", name: "unrar-5.6.1-4.5.1.s390", product: { name: "unrar-5.6.1-4.5.1.s390", product_id: "unrar-5.6.1-4.5.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "libunrar-devel-5.6.1-4.5.1.s390x", product: { name: "libunrar-devel-5.6.1-4.5.1.s390x", product_id: "libunrar-devel-5.6.1-4.5.1.s390x", }, }, { category: "product_version", name: "libunrar5_6_1-5.6.1-4.5.1.s390x", product: { name: "libunrar5_6_1-5.6.1-4.5.1.s390x", product_id: "libunrar5_6_1-5.6.1-4.5.1.s390x", }, }, { category: "product_version", name: "unrar-5.6.1-4.5.1.s390x", product: { name: "unrar-5.6.1-4.5.1.s390x", product_id: "unrar-5.6.1-4.5.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libunrar-devel-5.6.1-4.5.1.x86_64", product: { name: "libunrar-devel-5.6.1-4.5.1.x86_64", product_id: "libunrar-devel-5.6.1-4.5.1.x86_64", }, }, { category: "product_version", name: "libunrar5_6_1-5.6.1-4.5.1.x86_64", product: { name: "libunrar5_6_1-5.6.1-4.5.1.x86_64", product_id: "libunrar5_6_1-5.6.1-4.5.1.x86_64", }, }, { category: "product_version", name: "unrar-5.6.1-4.5.1.x86_64", product: { name: "unrar-5.6.1-4.5.1.x86_64", product_id: "unrar-5.6.1-4.5.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE OpenStack Cloud 8", product: { name: "SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 9", product: { name: "SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:9", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 9", product: { name: "SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:9", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP5", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", }, product_reference: "unrar-5.6.1-4.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", }, product_reference: "unrar-5.6.1-4.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "libunrar-devel-5.6.1-4.5.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", }, product_reference: "libunrar-devel-5.6.1-4.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libunrar-devel-5.6.1-4.5.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", }, product_reference: "libunrar-devel-5.6.1-4.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libunrar-devel-5.6.1-4.5.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", }, product_reference: "libunrar-devel-5.6.1-4.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libunrar-devel-5.6.1-4.5.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", }, product_reference: "libunrar-devel-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libunrar5_6_1-5.6.1-4.5.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", }, product_reference: "libunrar5_6_1-5.6.1-4.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libunrar5_6_1-5.6.1-4.5.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", }, product_reference: "libunrar5_6_1-5.6.1-4.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libunrar5_6_1-5.6.1-4.5.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", }, product_reference: "libunrar5_6_1-5.6.1-4.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "libunrar5_6_1-5.6.1-4.5.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", }, product_reference: "libunrar5_6_1-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", }, product_reference: "unrar-5.6.1-4.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", }, product_reference: "unrar-5.6.1-4.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", }, product_reference: "unrar-5.6.1-4.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", }, product_reference: "unrar-5.6.1-4.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", }, product_reference: "unrar-5.6.1-4.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", }, product_reference: "unrar-5.6.1-4.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", }, product_reference: "unrar-5.6.1-4.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", }, product_reference: "unrar-5.6.1-4.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", }, product_reference: "unrar-5.6.1-4.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", }, product_reference: "unrar-5.6.1-4.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", }, product_reference: "unrar-5.6.1-4.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", }, product_reference: "unrar-5.6.1-4.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-4.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", }, product_reference: "unrar-5.6.1-4.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2012-6706", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-6706", }, ], notes: [ { category: "general", text: "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-6706", url: "https://www.suse.com/security/cve/CVE-2012-6706", }, { category: "external", summary: "SUSE Bug 1045315 for CVE-2012-6706", url: "https://bugzilla.suse.com/1045315", }, { category: "external", summary: "SUSE Bug 1045490 for CVE-2012-6706", url: "https://bugzilla.suse.com/1045490", }, { category: "external", summary: "SUSE Bug 1053919 for CVE-2012-6706", url: "https://bugzilla.suse.com/1053919", }, { category: "external", summary: "SUSE Bug 1083915 for CVE-2012-6706", url: "https://bugzilla.suse.com/1083915", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-25T10:26:54Z", details: "critical", }, ], title: "CVE-2012-6706", }, { cve: "CVE-2017-12938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12938", }, ], notes: [ { category: "general", text: "UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12938", url: "https://www.suse.com/security/cve/CVE-2017-12938", }, { category: "external", summary: "SUSE Bug 1054038 for CVE-2017-12938", url: "https://bugzilla.suse.com/1054038", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-25T10:26:54Z", details: "moderate", }, ], title: "CVE-2017-12938", }, { cve: "CVE-2017-12940", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12940", }, ], notes: [ { category: "general", text: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12940", url: "https://www.suse.com/security/cve/CVE-2017-12940", }, { category: "external", summary: "SUSE Bug 1054038 for CVE-2017-12940", url: "https://bugzilla.suse.com/1054038", }, { category: "external", summary: "SUSE Bug 1196772 for CVE-2017-12940", url: "https://bugzilla.suse.com/1196772", }, { category: "external", summary: "SUSE Bug 1196774 for CVE-2017-12940", url: "https://bugzilla.suse.com/1196774", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-25T10:26:54Z", details: "moderate", }, ], title: "CVE-2017-12940", }, { cve: "CVE-2017-12941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12941", }, ], notes: [ { category: "general", text: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12941", url: "https://www.suse.com/security/cve/CVE-2017-12941", }, { category: "external", summary: "SUSE Bug 1054038 for CVE-2017-12941", url: "https://bugzilla.suse.com/1054038", }, { category: "external", summary: "SUSE Bug 1196772 for CVE-2017-12941", url: "https://bugzilla.suse.com/1196772", }, { category: "external", summary: "SUSE Bug 1196774 for CVE-2017-12941", url: "https://bugzilla.suse.com/1196774", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-25T10:26:54Z", details: "moderate", }, ], title: "CVE-2017-12941", }, { cve: "CVE-2017-12942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12942", }, ], notes: [ { category: "general", text: "libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12942", url: "https://www.suse.com/security/cve/CVE-2017-12942", }, { category: "external", summary: "SUSE Bug 1054038 for CVE-2017-12942", url: "https://bugzilla.suse.com/1054038", }, { category: "external", summary: "SUSE Bug 1054600 for CVE-2017-12942", url: "https://bugzilla.suse.com/1054600", }, { category: "external", summary: "SUSE Bug 1196772 for CVE-2017-12942", url: "https://bugzilla.suse.com/1196772", }, { category: "external", summary: "SUSE Bug 1196774 for CVE-2017-12942", url: "https://bugzilla.suse.com/1196774", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-25T10:26:54Z", details: "moderate", }, ], title: "CVE-2017-12942", }, { cve: "CVE-2017-20006", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-20006", }, ], notes: [ { category: "general", text: "UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-20006", url: "https://www.suse.com/security/cve/CVE-2017-20006", }, { category: "external", summary: "SUSE Bug 1187974 for CVE-2017-20006", url: "https://bugzilla.suse.com/1187974", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:unrar-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar-devel-5.6.1-4.5.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:libunrar5_6_1-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 8:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud 9:unrar-5.6.1-4.5.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:unrar-5.6.1-4.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-25T10:26:54Z", details: "moderate", }, ], title: "CVE-2017-20006", }, ], }
suse-su-2018:0862-1
Vulnerability from csaf_suse
Published
2018-04-03 15:16
Modified
2018-04-03 15:16
Summary
Security update for unrar
Notes
Title of the patch
Security update for unrar
Description of the patch
This update for unrar to version 5.6.1 fixes several issues.
These security issues were fixed:
- CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal
protection mechanism via vectors involving a symlink to the . directory, a
symlink to the .. directory, and a regular file (bsc#1054038).
- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call
within the Archive::ReadHeader15 function (bsc#1054038).
- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20
function (bsc#1054038).
- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function
(bsc#1054038).
These non-security issues were fixed:
- Added extraction support for .LZ archives created by Lzip compressor
- Enable unpacking of files in ZIP archives compressed with XZ algorithm and
encrypted with AES
- Added support for PAX extended headers inside of TAR archive
- If RAR recovery volumes (.rev files) are present in the same folder as usual
RAR volumes, archive test command verifies .rev contents after completing
testing .rar files
- By default unrar skips symbolic links with absolute paths in link target when
extracting unless -ola command line switch is specified
- Added support for AES-NI CPU instructions
- Support for a new RAR 5.0 archiving format
- Wildcard exclusion mask for folders
- Added libunrar* and libunrar*-devel subpackages (bsc#513804)
- Prevent conditional jumps depending on uninitialised values (bsc#1046882)
Patchnames
slessp4-unrar-13542
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for unrar", title: "Title of the patch", }, { category: "description", text: "This update for unrar to version 5.6.1 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal\n protection mechanism via vectors involving a symlink to the . directory, a\n symlink to the .. directory, and a regular file (bsc#1054038).\n- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call\n within the Archive::ReadHeader15 function (bsc#1054038).\n- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20\n function (bsc#1054038).\n- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function\n (bsc#1054038).\n\nThese non-security issues were fixed:\n\n- Added extraction support for .LZ archives created by Lzip compressor\n- Enable unpacking of files in ZIP archives compressed with XZ algorithm and\n encrypted with AES\n- Added support for PAX extended headers inside of TAR archive\n- If RAR recovery volumes (.rev files) are present in the same folder as usual\n RAR volumes, archive test command verifies .rev contents after completing\n testing .rar files\n- By default unrar skips symbolic links with absolute paths in link target when\n extracting unless -ola command line switch is specified\n- Added support for AES-NI CPU instructions \n- Support for a new RAR 5.0 archiving format\n- Wildcard exclusion mask for folders\n- Added libunrar* and libunrar*-devel subpackages (bsc#513804)\n- Prevent conditional jumps depending on uninitialised values (bsc#1046882)\n", title: "Description of the patch", }, { category: "details", text: "slessp4-unrar-13542", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0862-1.json", }, { category: "self", summary: "URL for SUSE-SU-2018:0862-1", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2018:0862-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003863.html", }, { category: "self", summary: "SUSE Bug 1046882", url: "https://bugzilla.suse.com/1046882", }, { category: "self", summary: "SUSE Bug 1054038", url: "https://bugzilla.suse.com/1054038", }, { category: "self", summary: "SUSE Bug 513804", url: "https://bugzilla.suse.com/513804", }, { category: "self", summary: "SUSE Bug 693890", url: "https://bugzilla.suse.com/693890", }, { category: "self", summary: "SUSE CVE CVE-2012-6706 page", url: "https://www.suse.com/security/cve/CVE-2012-6706/", }, { category: "self", summary: "SUSE CVE CVE-2017-12938 page", url: "https://www.suse.com/security/cve/CVE-2017-12938/", }, { category: "self", summary: "SUSE CVE CVE-2017-12940 page", url: "https://www.suse.com/security/cve/CVE-2017-12940/", }, { category: "self", summary: "SUSE CVE CVE-2017-12941 page", url: "https://www.suse.com/security/cve/CVE-2017-12941/", }, { category: "self", summary: "SUSE CVE CVE-2017-12942 page", url: "https://www.suse.com/security/cve/CVE-2017-12942/", }, ], title: "Security update for unrar", tracking: { current_release_date: "2018-04-03T15:16:58Z", generator: { date: "2018-04-03T15:16:58Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2018:0862-1", initial_release_date: "2018-04-03T15:16:58Z", revision_history: [ { date: "2018-04-03T15:16:58Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "unrar-5.6.1-5.3.1.i586", product: { name: "unrar-5.6.1-5.3.1.i586", product_id: "unrar-5.6.1-5.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "unrar-5.6.1-5.3.1.ia64", product: { name: "unrar-5.6.1-5.3.1.ia64", product_id: "unrar-5.6.1-5.3.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "unrar-5.6.1-5.3.1.ppc64", product: { name: "unrar-5.6.1-5.3.1.ppc64", product_id: "unrar-5.6.1-5.3.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "unrar-5.6.1-5.3.1.s390x", product: { name: "unrar-5.6.1-5.3.1.s390x", product_id: "unrar-5.6.1-5.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "unrar-5.6.1-5.3.1.x86_64", product: { name: "unrar-5.6.1-5.3.1.x86_64", product_id: "unrar-5.6.1-5.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4", product: { name: "SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-5.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", }, product_reference: "unrar-5.6.1-5.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-5.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", }, product_reference: "unrar-5.6.1-5.3.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-5.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", }, product_reference: "unrar-5.6.1-5.3.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-5.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", }, product_reference: "unrar-5.6.1-5.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-5.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", }, product_reference: "unrar-5.6.1-5.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-5.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", }, product_reference: "unrar-5.6.1-5.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-5.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", }, product_reference: "unrar-5.6.1-5.3.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-5.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", }, product_reference: "unrar-5.6.1-5.3.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-5.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", }, product_reference: "unrar-5.6.1-5.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "unrar-5.6.1-5.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", }, product_reference: "unrar-5.6.1-5.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2012-6706", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-6706", }, ], notes: [ { category: "general", text: "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-6706", url: "https://www.suse.com/security/cve/CVE-2012-6706", }, { category: "external", summary: "SUSE Bug 1045315 for CVE-2012-6706", url: "https://bugzilla.suse.com/1045315", }, { category: "external", summary: "SUSE Bug 1045490 for CVE-2012-6706", url: "https://bugzilla.suse.com/1045490", }, { category: "external", summary: "SUSE Bug 1053919 for CVE-2012-6706", url: "https://bugzilla.suse.com/1053919", }, { category: "external", summary: "SUSE Bug 1083915 for CVE-2012-6706", url: "https://bugzilla.suse.com/1083915", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-04-03T15:16:58Z", details: "critical", }, ], title: "CVE-2012-6706", }, { cve: "CVE-2017-12938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12938", }, ], notes: [ { category: "general", text: "UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12938", url: "https://www.suse.com/security/cve/CVE-2017-12938", }, { category: "external", summary: "SUSE Bug 1054038 for CVE-2017-12938", url: "https://bugzilla.suse.com/1054038", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-04-03T15:16:58Z", details: "moderate", }, ], title: "CVE-2017-12938", }, { cve: "CVE-2017-12940", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12940", }, ], notes: [ { category: "general", text: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12940", url: "https://www.suse.com/security/cve/CVE-2017-12940", }, { category: "external", summary: "SUSE Bug 1054038 for CVE-2017-12940", url: "https://bugzilla.suse.com/1054038", }, { category: "external", summary: "SUSE Bug 1196772 for CVE-2017-12940", url: "https://bugzilla.suse.com/1196772", }, { category: "external", summary: "SUSE Bug 1196774 for CVE-2017-12940", url: "https://bugzilla.suse.com/1196774", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-04-03T15:16:58Z", details: "moderate", }, ], title: "CVE-2017-12940", }, { cve: "CVE-2017-12941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12941", }, ], notes: [ { category: "general", text: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12941", url: "https://www.suse.com/security/cve/CVE-2017-12941", }, { category: "external", summary: "SUSE Bug 1054038 for CVE-2017-12941", url: "https://bugzilla.suse.com/1054038", }, { category: "external", summary: "SUSE Bug 1196772 for CVE-2017-12941", url: "https://bugzilla.suse.com/1196772", }, { category: "external", summary: "SUSE Bug 1196774 for CVE-2017-12941", url: "https://bugzilla.suse.com/1196774", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-04-03T15:16:58Z", details: "moderate", }, ], title: "CVE-2017-12941", }, { cve: "CVE-2017-12942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12942", }, ], notes: [ { category: "general", text: "libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12942", url: "https://www.suse.com/security/cve/CVE-2017-12942", }, { category: "external", summary: "SUSE Bug 1054038 for CVE-2017-12942", url: "https://bugzilla.suse.com/1054038", }, { category: "external", summary: "SUSE Bug 1054600 for CVE-2017-12942", url: "https://bugzilla.suse.com/1054600", }, { category: "external", summary: "SUSE Bug 1196772 for CVE-2017-12942", url: "https://bugzilla.suse.com/1196772", }, { category: "external", summary: "SUSE Bug 1196774 for CVE-2017-12942", url: "https://bugzilla.suse.com/1196774", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:unrar-5.6.1-5.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:unrar-5.6.1-5.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-04-03T15:16:58Z", details: "moderate", }, ], title: "CVE-2017-12942", }, ], }
fkie_cve-2017-12940
Vulnerability from fkie_nvd
Published
2017-08-18 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", matchCriteriaId: "4FBF68E6-20E3-4B2A-A07B-F8E8D3037F82", versionEndIncluding: "5.5.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", }, { lang: "es", value: "libunrar.a en UnRAR en versiones anteriores a la 5.5.7 tiene un problema de lectura fuera de los límites de la memoria en la llamada EncodeFileName::Decode en la función Archive::ReadHeader15.", }, ], id: "CVE-2017-12940", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-18T14:29:00.437", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { source: "cve@mitre.org", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201709-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2017/q3/290", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201709-24", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-7rmv-8xhh-9hgp
Vulnerability from github
Published
2022-05-14 03:17
Modified
2022-05-14 03:17
Severity ?
Details
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
{ affected: [], aliases: [ "CVE-2017-12940", ], database_specific: { cwe_ids: [ "CWE-125", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2017-08-18T14:29:00Z", severity: "CRITICAL", }, details: "libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.", id: "GHSA-7rmv-8xhh-9hgp", modified: "2022-05-14T03:17:43Z", published: "2022-05-14T03:17:43Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-12940", }, { type: "WEB", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", }, { type: "WEB", url: "https://security.gentoo.org/glsa/201709-24", }, { type: "WEB", url: "http://seclists.org/oss-sec/2017/q3/290", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.