Bug 1349204 (CVE-2015-8930)

Summary:	CVE-2015-8930 libarchive: Endless loop in ISO parser
Product:	[Other] Security Response	Reporter:	Doran Moppert <dmoppert>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED ERRATA	QA Contact:
Severity:	low	Docs Contact:
Priority:	low
Version:	unspecified	CC:	anemec, ndevos, praiskup, slawomir
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	libarchive 3.2.0	Doc Type:	Bug Fix
Doc Text:	A vulnerability was found in libarchive. A specially crafted ISO file could cause the application to consume resources until it hit a memory limit, leading to a crash or denial of service.	Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-10-18 04:59:52 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	1352776, 1353065, 1353066
Bug Blocks:	1334215

Description Doran Moppert 2016-06-23 00:16:40 UTC

A denial of service was discovered in libarchive in the processing of .iso
files.  A specially crafted .iso could cause the process to go into an (almost)
endless loop, eventually exiting with an error after hitting memory limits.

libarchive-2.8 does not support the required construct in ISO files.

Upstream bug:
    https://github.com/libarchive/libarchive/issues/522

Upstream fix (two parts):
    https://github.com/libarchive/libarchive/commit/39fc593

    https://github.com/libarchive/libarchive/commit/01cfbca

Comment 2 Doran Moppert 2016-07-05 04:38:28 UTC

Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 1352776]

Comment 5 errata-xmlrpc 2016-09-12 20:14:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1844 https://rhn.redhat.com/errata/RHSA-2016-1844.html