Bug 1358366

Summary: CVE-2016-6250 libarchive: Integer overflow when verifying filename size
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: anto.trande, besser82, mike, ndevos, praiskup, slawomir, trepik
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libarchive 3.2.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-21 13:37:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1352776, 1358367, 1358368, 1358369, 1358370    
Bug Blocks:    

Description Adam Mariš 2016-07-20 15:00:59 UTC 
An integer overflow vulnerability was found in libarchive when verifying filename lengths when writing ISO9660 archives. This can lead to a crash when writing ISO9660 images with 2GB or 4GB filenames.

Upstream bug:

https://github.com/libarchive/libarchive/issues/711

CVE request:

http://seclists.org/oss-sec/2016/q3/114
Comment 1 Adam Mariš 2016-07-20 15:01:44 UTC 
Created libarchive3 tracking bugs for this issue:

Affects: epel-6 [bug 1358370]
Comment 2 Adam Mariš 2016-07-20 15:01:50 UTC 
Created mingw-libarchive tracking bugs for this issue:

Affects: fedora-all [bug 1358368]
Comment 3 Adam Mariš 2016-07-20 15:01:56 UTC 
Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 1358367]
Affects: epel-5 [bug 1358369]
Comment 4 Andrej Nemec 2016-07-21 08:16:46 UTC 
Upstream fix:

https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6

CVE assignment:

http://seclists.org/oss-sec/2016/q3/123
Comment 7 Fedora Update System 2016-08-16 19:23:35 UTC 
mingw-libarchive-3.2.1-2.fc24, mingw-xz-5.2.2-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.