Bug 1348770 (CVE-2015-8918)
| Summary: | CVE-2015-8918 libarchive: Overlapping memcpy in CAB parser | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | anemec, ndevos, praiskup, trepik |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libarchive 3.2.0 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-06-22 03:30:03 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1334215 | ||
Undefined behaviour was discovered in libarchive in the CAB format parser. memcpy() was used to move data between two memory segments that could overlap, leading to potential undefined behaviour on specially-crafted CAB files. The vulnerable code was never in a released version; it was introduced and fixed between v3.1.2 and v3.2.0. Upstream bug: https://github.com/libarchive/libarchive/issues/506 Upstream fix: https://github.com/libarchive/libarchive/commit/b6ba560