A denial of service was discovered in libarchive in the processing of .iso files. A specially crafted .iso could cause the process to go into an (almost) endless loop, eventually exiting with an error after hitting memory limits. libarchive-2.8 does not support the required construct in ISO files. Upstream bug: https://github.com/libarchive/libarchive/issues/522 Upstream fix (two parts): https://github.com/libarchive/libarchive/commit/39fc593 https://github.com/libarchive/libarchive/commit/01cfbca
Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 1352776]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1844 https://rhn.redhat.com/errata/RHSA-2016-1844.html