782008 – Libarchive is unable to open ISO files - Regression caused due to CVE-2011-1777 security fix

Bug 782008 - Libarchive is unable to open ISO files - Regression caused due to CVE-2011-1777 security fix

Summary: Libarchive is unable to open ISO files - Regression caused due to CVE-2011-17...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libarchive
Sub Component:
Version:	6.2
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Tomáš Bžatek
QA Contact:	qe-baseos-daemons
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	783375
TreeView+	depends on / blocked

Reported:	2012-01-16 10:49 UTC by Ramon de C Valle
Modified:	2015-03-03 23:04 UTC (History)
CC List:	9 users (show)
Fixed In Version:	libarchive-2.8.3-4.el6_2
Doc Type:	Bug Fix
Doc Text:	A bug introduced by fixing the CVE-2011-1777 security vulnerability broke functionality of the ISO 9660 CD-ROM image reader and prevented users from opening ISO 9660 images. A patch has been applied to restore full functionality.
Clone Of:	CVE-2010-4666, CVE-2011-1777, CVE-2011-1778, CVE-2011-1779
Clones:	783375 (view as bug list)
Environment:
Last Closed:	2012-04-09 13:17:26 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2012:0464	0	normal	SHIPPED_LIVE	libarchive bug fix update	2012-04-09 17:16:04 UTC

Comment 3 Ramon de C Valle 2012-01-16 11:14:16 UTC

This is a regression from Bug 705849 in latest version of libarchive package released via RHSA-2011:1507. The CVE-2011-1777.patch attached to Bug 705849 breaks ISO support. This regression was found by Mageia QA: https://bugs.mageia.org/show_bug.cgi?id=3941.

Comment 4 Tomáš Bžatek 2012-01-20 17:26:21 UTC

Rising severity/priority as this regression should better be fixed in 6.3

Comment 6 RHEL Program Management 2012-02-08 07:03:27 UTC

This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 13 Eliska Slobodova 2012-04-02 10:32:52 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
A bug introduced by fixing the CVE-2011-1777 security vulnerability broke functionality of the ISO 9660 CD-ROM image reader and prevented users from opening ISO 9660 images. A patch has been applied to restore full functionality.

Comment 15 errata-xmlrpc 2012-04-09 13:17:26 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0464.html

Note You need to log in before you can comment on or make changes to this bug.