In libarchive before 3.5.2, when an archive entry contains a symbolic link that has defined ACLs on Linux, on extraction the ACLs of the link target are modified. This is because the function acl_set_file() is used without a prior check if the file is not a symbolic link. On Linux ACLs on symbolic links are not supported. Reference: https://github.com/libarchive/libarchive/issues/1565 Upstream patch: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 2024246] Created mingw-libarchive tracking bugs for this issue: Affects: fedora-all [bug 2024247]
*** Bug 2054465 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0892 https://access.redhat.com/errata/RHSA-2022:0892
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-23177