Bug 782008

Summary: Libarchive is unable to open ISO files - Regression caused due to CVE-2011-1777 security fix
Product: Red Hat Enterprise Linux 6 Reporter: Ramon de C Valle <rcvalle>
Component: libarchiveAssignee: Tomáš Bžatek <tbzatek>
Status: CLOSED ERRATA QA Contact: qe-baseos-daemons
Severity: high Docs Contact:
Priority: high    
Version: 6.2CC: anssi.hannula, azelinka, bressers, ndevos, rcvalle, syeghiay, tbzatek, tsmetana, vdanen
Target Milestone: rcKeywords: Regression, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libarchive-2.8.3-4.el6_2 Doc Type: Bug Fix
Doc Text:
A bug introduced by fixing the CVE-2011-1777 security vulnerability broke functionality of the ISO 9660 CD-ROM image reader and prevented users from opening ISO 9660 images. A patch has been applied to restore full functionality.
 Story Points: ---
Clone Of: CVE-2010-4666, CVE-2011-1777, CVE-2011-1778, CVE-2011-1779
: 783375 (view as bug list) Environment:
Last Closed: 2012-04-09 13:17:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 783375    

Comment 3 Ramon de C Valle 2012-01-16 11:14:16 UTC 
This is a regression from Bug 705849 in latest version of libarchive package released via RHSA-2011:1507. The CVE-2011-1777.patch attached to Bug 705849 breaks ISO support. This regression was found by Mageia QA: https://bugs.mageia.org/show_bug.cgi?id=3941.
Comment 4 Tomáš Bžatek 2012-01-20 17:26:21 UTC 
Rising severity/priority as this regression should better be fixed in 6.3
Comment 6 RHEL Program Management 2012-02-08 07:03:27 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 13 Eliska Slobodova 2012-04-02 10:32:52 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
A bug introduced by fixing the CVE-2011-1777 security vulnerability broke functionality of the ISO 9660 CD-ROM image reader and prevented users from opening ISO 9660 images. A patch has been applied to restore full functionality.
Comment 15 errata-xmlrpc 2012-04-09 13:17:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0464.html