A vulnerability was found in libarchive. There exists an out of bounds read in function lha_read_file_header_1(). A maliciously crafted file could cause the application to crash. Upstream patch: https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 References: https://secunia.com/secunia_research/2017-3/
Created libarchive tracking bugs for this issue: Affects: epel-5 [bug 1417919] Affects: epel-6 [bug 1417917] Affects: fedora-all [bug 1417920] Created mingw-libarchive tracking bugs for this issue: Affects: fedora-all [bug 1417918] Created python-libarchive tracking bugs for this issue: Affects: epel-7 [bug 1417922] Affects: fedora-all [bug 1417921]
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification.