This site requires JavaScript to be enabled to function correctly, please enable it.
Summary:
CVE-2015-8932 libarchive: Undefined behavior / invalid shiftleft in TAR parser
Product:
[Other] Security Response
Reporter:
Doran Moppert <dmoppert>
Component:
vulnerability Assignee:
Red Hat Product Security <security-response-team>
Status:
CLOSED
ERRATA
QA Contact:
Severity:
low
Docs Contact:
Priority:
low
Version:
unspecified CC:
dmoppert, ndevos, praiskup, slawomir, todoleza
Target Milestone:
--- Keywords:
Security
Target Release:
---
Hardware:
All
OS:
Linux
Whiteboard:
Fixed In Version:
libarchive 3.2.0
Doc Type:
If docs needed, set a value
Doc Text:
Undefined behavior (invalid left shift) was discovered in libarchive, in how Compress streams are identified. This could cause certain files to be mistakenly identified as Compress archives and fail to read.
Story Points:
---
Clone Of:
Environment:
Last Closed:
2019-06-08 02:55:17 UTC
Type:
---
Regression:
---
Mount Type:
---
Documentation:
---
CRM:
Verified Versions:
Category:
---
oVirt Team:
---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:
---
Target Upstream Version:
Embargoed:
Bug Depends On:
1352775 , 1352776 , 1353065 , 1353066 , 1353067 , 1353068
Bug Blocks:
1334215
Undefined behaviour (invalid left shift) was discovered in libarchive, in how Compress streams are identified. This could cause certain files to be mistakenly identified as Compress archives and fail to read. Upstream bug: https://github.com/libarchive/libarchive/issues/547 Upstream fix: https://github.com/libarchive/libarchive/commit/f0b1dbb