CVE-2016-4809: Input Validation

First published: Thu Jun 16 2016(Updated: )

A cpio archive with a ridiculously large symlink can cause memory allocation to fail, resulting in any attempt to view or extract the archive crashing. The failed allocation appears to be handled correctly within libarchive and not lead to further issues. External references: <a href="https://github.com/libarchive/libarchive/issues/705">https://github.com/libarchive/libarchive/issues/705</a> Upstream fix: <a href="https://github.com/libarchive/libarchive/commit/fd7e0c02">https://github.com/libarchive/libarchive/commit/fd7e0c02</a>

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/libarchive	<3.2.1	3.2.1
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Hpc Node	=6.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Workstation	=6.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Hpc Node	=7.0
Redhat Enterprise Linux Hpc Node Eus	=7.2
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.2
Redhat Enterprise Linux Server Eus	=7.2
Redhat Enterprise Linux Workstation	=7.0
Oracle Linux	=6
Oracle Linux	=7
Libarchive Libarchive	<=3.2.0

Remedy

https://github.com/libarchive/libarchive/commit/fd7e0c02

Remedy

https://github.com/libarchive/libarchive/issues/705

Never miss a vulnerability like this again

Reference Links

agent/type
agent/remedy
agent/softwarecombine
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/weakness
agent/author
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-4809
agent/software-canonical-lookup
agent/event
agent/tags
agent/trending
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
canonical/redhat enterprise linux hpc node
version/redhat enterprise linux hpc node/6.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux desktop/7.0
version/redhat enterprise linux hpc node/7.0
canonical/redhat enterprise linux hpc node eus
version/redhat enterprise linux hpc node eus/7.2
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.2
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.2
version/redhat enterprise linux workstation/7.0
vendor/oracle
canonical/oracle linux
version/oracle linux/6
version/oracle linux/7
vendor/libarchive
canonical/libarchive libarchive
version/libarchive libarchive/3.2.0
package-manager/redhat

CVE-2016-4809: Input Validation

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact