An exploitable stack-based buffer overflow vulnerability exists in the mtree parse_device functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this vulnerability.

External references:
http://www.talosintel.com/reports/TALOS-2016-0153/

Upstream fix:
https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77

Contrary to the Talos advisory, the affected code was only introduced after the release of v3.1.2. Thus no Red Hat packages are affected.