2024242 – libarchive: modifies file flags of symlink target

Bug 2024242 - libarchive: modifies file flags of symlink target

Summary: libarchive: modifies file flags of symlink target

Keywords:
Status:	CLOSED DUPLICATE of bug 2024237
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2024238 2024243 2024244
Blocks:	2024258
TreeView+	depends on / blocked

Reported:	2021-11-17 16:50 UTC by Guilherme de Almeida Suckevicz
Modified:	2022-02-17 10:47 UTC (History)
CC List:	20 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-11-26 04:30:37 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-11-17 16:50:37 UTC

libarchive before 3.5.2, when opening a file descriptor to set file flags on Linux, would follow symbolic links. In case an archive contains a directory entry followed by a symlink entry with the same path, libarchive would modify file flags of the symlink target.

Reference and upstream patch:
https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b

Comment 1 Guilherme de Almeida Suckevicz 2021-11-17 16:50:58 UTC

Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 2024244]


Created mingw-libarchive tracking bugs for this issue:

Affects: fedora-all [bug 2024243]

Comment 5 Doran Moppert 2021-11-26 04:30:37 UTC

This is a continuation of bug 2024237, completing the fix begun there.

*** This bug has been marked as a duplicate of bug 2024237 ***

Note You need to log in before you can comment on or make changes to this bug.

bdettelb
caswilli
databases-maint
dkuc
fjansen
jburrell
jnakfour
jwong
kaycoth
mike
mulliken
ndevos
odubaj
panovotn
pkubat
praiskup
psegedy
sbiarozk
vkumar
vmugicag