An out of bounds read was discovered in the mtree parser. A specially crafted mtree file could cause libarchive to read beyond a statically declared structure. The read was using memcmp(), so data could not be directly exfiltrated by an attacker. The vulnerable code appears to be reachable through other paths in libarchive-2.8, though the reproducer in the upstream ticket fails to generate a warning. Upstream bug: https://github.com/libarchive/libarchive/issues/512 Upstream fix: https://github.com/libarchive/libarchive/commit/1cbc76f
Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 1352776] Affects: epel-5 [bug 1352775]
(In reply to Doran Moppert from comment #0) > Upstream fix: > https://github.com/libarchive/libarchive/commit/1cbc76f For myself: that is incomplete fix, there are follow-up patches.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:1850 https://rhn.redhat.com/errata/RHSA-2016-1850.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1844 https://rhn.redhat.com/errata/RHSA-2016-1844.html
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2015-8921