Bug 1300207 - (CVE-2016-2037) CVE-2016-2037 cpio: out of bounds write
Product: Security Response
Classification: Other
Component: vulnerability
All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 1300208
Blocks: 1300204
Reported: 2016-01-20 04:27 EST by Andrej Nemec
Modified: 2017-02-17 09:03 EST
Doc Type: Bug Fix
Last Closed: 2016-03-17 09:28:23 EDT

Description Andrej Nemec 2016-01-20 04:27:56 EST
An out-of-bounds write was found in the way cpio parses certain cpio files. A specially crafted file can cause the application to crash.

Original bug report with reproducer:

Comment 1 Andrej Nemec 2016-01-20 04:28:21 EST
Created cpio tracking bugs for this issue:

Affects: fedora-all [bug 1300208]
Comment 2 Andrej Nemec 2016-02-12 10:12:34 EST
Upstream fix:

Comment 6 Thomas Jarosch 2016-04-06 07:21:22 EDT
May I ask why this issue was closed as "WONTFIX"?

The cpio versions in Fedora 22 and RHEL 7 are affected and are not patched.

According to LWN (lwn.net/Vulnerabilities/675700/), the issue is an out-of-bounds-write.

cpio might be invoked by amavisd-new email content scanner.
Comment 7 Thomas Jarosch 2016-04-06 07:31:19 EDT
Alright, so there's a tracking bug for Fedora. Mea culpa.

Still, RHEL seems affected, too.
Comment 8 Cedric Buissart 2016-04-07 04:55:29 EDT
It's not uncommon for us to close security issues as WONTFIX if we think that they are not critical enough to warrant an immediate security fix.

If you can provide us with additional information, concerns or further questions, you are welcome to contact us via secalert@redhat.com
