Bug#837714: libarchive: CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite

Salvatore Bonaccorso Tue, 13 Sep 2016 21:46:13 -0700

On Tue, Sep 13, 2016 at 09:41:49PM +0200, Salvatore Bonaccorso wrote:
> [0] https://security-tracker.debian.org/tracker/CVE-2016-5418
> [1] 
> https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3
> [2] 
> https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3
> [3] 
> https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9


Please note, not (yet) clear if [3] ist the only one. The CVE relates
to https://bugzilla.redhat.com/show_bug.cgi?id=1362601 and to 
http://seclists.org/oss-sec/2016/q3/255 . 

Regards,
Salvatore

Bug#837714: libarchive: CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite

Reply via email to