An integer overflow vulnerability was found in libarchive when verifying filename lengths when writing ISO9660 archives. This can lead to a crash when writing ISO9660 images with 2GB or 4GB filenames. Upstream bug: https://github.com/libarchive/libarchive/issues/711 CVE request: http://seclists.org/oss-sec/2016/q3/114
Created libarchive3 tracking bugs for this issue: Affects: epel-6 [bug 1358370]
Created mingw-libarchive tracking bugs for this issue: Affects: fedora-all [bug 1358368]
Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 1358367] Affects: epel-5 [bug 1358369]
Upstream fix: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 CVE assignment: http://seclists.org/oss-sec/2016/q3/123
mingw-libarchive-3.2.1-2.fc24, mingw-xz-5.2.2-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.