Bug 1300207 (CVE-2016-2037)
Summary: | CVE-2016-2037 cpio: out of bounds write | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | Severity: | low |
Priority: | low | Version: | unspecified |
Hardware: | All | OS: | Linux |
Keywords: | Security | Doc Type: | Bug Fix |
Last Closed: | 2016-03-17 13:28:23 UTC | CC: | carnil, cbuissar, databases-maint, kdudka, mdshaikh, ovasik, praiskup, slawomir, thomas.jarosch, trepik |
Bug Depends On: | 1300208 | Bug Blocks: | 1300204 |
Description
Andrej Nemec
2016-01-20 09:27:56 UTC
Created cpio tracking bugs for this issue:

Affects: fedora-all [bug 1300208]

May I ask why this issue was closed as "WONTFIX"? The cpio versions in Fedora 22 and RHEL 7 are affected and are not patched. According to LWN (lwn.net/Vulnerabilities/675700/), the issue is an out-of-bounds write. cpio might be invoked by the amavisd-new email content scanner.

Alright, so there's a tracking bug for Fedora. Mea culpa. Still, RHEL seems affected, too.

It's not uncommon for us to close security issues as WONTFIX if we think that they are not critical enough to warrant an immediate security fix. If you can provide us with additional information, concerns or further questions, you are welcome to contact us via secalert