First published: Sun Jun 26 2016(Updated: )
Hanno Böck has disclosed another Undefined Behaviour (signed integer overflow) on oss-security: <a href="http://seclists.org/oss-sec/2016/q2/591">http://seclists.org/oss-sec/2016/q2/591</a> Upstream ticket: <a href="https://github.com/libarchive/libarchive/issues/717">https://github.com/libarchive/libarchive/issues/717</a> Upstream fix (released in libarchive-3.2.1): <a href="https://github.com/libarchive/libarchive/commit/3ad08e0">https://github.com/libarchive/libarchive/commit/3ad08e0</a> While the UB exists in 3.2.0, an earlier patch seems to mitigate against the issue: <a href="https://github.com/libarchive/libarchive/commit/e6c9668f">https://github.com/libarchive/libarchive/commit/e6c9668f</a> This function is called immediately after the overflow, and will immediately reject a negative skipsize with ARCHIVE_FATAL, skipping all further processing. Previous releases up to and including 3.1.2 (including 2.8.3, 2.8.4) do not include the mitigation and are thus likely vulnerable.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libarchive | <3.2.1 | 3.2.1 |
Libarchive Libarchive | <=3.2.0 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Hpc Node | =6.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Hpc Node | =7.0 | |
Redhat Enterprise Linux Hpc Node Eus | =7.2 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.2 | |
Redhat Enterprise Linux Server Eus | =7.2 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Oracle Linux | =6 | |
Oracle Linux | =7 | |
Oracle Solaris | =11.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.