Bug 1358366 - CVE-2016-6250 libarchive: Integer overflow when verifying filename size
Summary: CVE-2016-6250 libarchive: Integer overflow when verifying filename size
Keywords:
Status: CLOSED DUPLICATE of bug 1347085
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1352776 1358367 1358368 1358369 1358370
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-20 15:00 UTC by Adam Mariš
Modified: 2019-09-29 13:53 UTC (History)
7 users (show)

Fixed In Version: libarchive 3.2.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-21 13:37:45 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2016-07-20 15:00:59 UTC 
An integer overflow vulnerability was found in libarchive when verifying filename lengths when writing ISO9660 archives. This can lead to a crash when writing ISO9660 images with 2GB or 4GB filenames.

Upstream bug:

https://github.com/libarchive/libarchive/issues/711

CVE request:

http://seclists.org/oss-sec/2016/q3/114
Comment 1 Adam Mariš 2016-07-20 15:01:44 UTC 
Created libarchive3 tracking bugs for this issue:

Affects: epel-6 [bug 1358370]
Comment 2 Adam Mariš 2016-07-20 15:01:50 UTC 
Created mingw-libarchive tracking bugs for this issue:

Affects: fedora-all [bug 1358368]
Comment 3 Adam Mariš 2016-07-20 15:01:56 UTC 
Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 1358367]
Affects: epel-5 [bug 1358369]
Comment 4 Andrej Nemec 2016-07-21 08:16:46 UTC 
Upstream fix:

https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6

CVE assignment:

http://seclists.org/oss-sec/2016/q3/123
Comment 7 Fedora Update System 2016-08-16 19:23:35 UTC 
mingw-libarchive-3.2.1-2.fc24, mingw-xz-5.2.2-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.