Red Hat Bugzilla – Bug 1348429
CVE-2015-8928 libarchive: Heap out of bounds read in mtree parser
Last modified: 2016-10-18 00:58:42 EDT
Upstream bug: https://github.com/libarchive/libarchive/issues/550 Upstream fix: https://github.com/libarchive/libarchive/commit/64d5628 > The mtree parser scanned from the end of the string to identify > the filename when the filename is the last element of the line. > If the filename was the entire line, the logic would scan back > to before the start of the string. libarchive-2.8 does not include support for this mtree variant.
Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 1352776]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1844 https://rhn.redhat.com/errata/RHSA-2016-1844.html