Bug 1348780 (CVE-2015-8932)
Summary: | CVE-2015-8932 libarchive: Undefined behavior / invalid shiftleft in TAR parser | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | dmoppert, ndevos, praiskup, slawomir, todoleza |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libarchive 3.2.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
Undefined behavior (invalid left shift) was discovered in libarchive, in how Compress streams are identified. This could cause certain files to be mistakenly identified as Compress archives and fail to read.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 02:55:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1352775, 1352776, 1353065, 1353066, 1353067, 1353068 | ||
Bug Blocks: | 1334215 |
Description
Doran Moppert
2016-06-22 04:21:40 UTC
Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 1352776] Affects: epel-5 [bug 1352775] This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:1850 https://rhn.redhat.com/errata/RHSA-2016-1850.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1844 https://rhn.redhat.com/errata/RHSA-2016-1844.html |