Bugzilla – Bug 998677
VUL-0: CVE-2016-5418: libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
Last modified: 2020-04-23 15:41:42 UTC
rh#1362601 Insomnia Security (as part of a pre-arranged commercial engagement) reports: A vulnerability in libarchive exists that allows an archive Entry with type 1 (hardlink), but has a non-zero data size to cause a file overwrite. This vulnerability can be leveraged in a way that has a significant security impact (this was not clear at first during initial research by upstream). References: https://bugzilla.redhat.com/show_bug.cgi?id=1362601 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5418 https://rhn.redhat.com/errata/RHSA-2016-1850.html https://rhn.redhat.com/errata/RHSA-2016-1852.html https://rhn.redhat.com/errata/RHSA-2016-1853.html https://access.redhat.com/errata/RHSA-2016:1853 https://access.redhat.com/errata/RHSA-2016:1852 https://access.redhat.com/security/cve/CVE-2016-5418 https://rhn.redhat.com/errata/RHSA-2016-1844.html
bugbot adjusting priority
From https://security-tracker.debian.org/tracker/CVE-2016-5418: Centos patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3 Centos additional patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3 Fixed by (for #744): https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a Fixed by (for #745 and #746): https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9 https://bugzilla.redhat.com/show_bug.cgi?id=1362601, relates to upstream bugs #744, #745 and #746 https://github.com/libarchive/libarchive/issues/743 (umbrella report) https://github.com/libarchive/libarchive/issues/744 https://github.com/libarchive/libarchive/issues/745 https://github.com/libarchive/libarchive/issues/746 Testcase: https://github.com/libarchive/libarchive/commit/063ea3ea3fcb569a380b2ebe9c9ddd8bd6ce0d49 Fix for testcase: https://github.com/libarchive/libarchive/commit/50952acd22df3326c49771f5e5ba48630899468c
SUSE-SU-2016:2911-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 1005070,1005072,1005076,986566,989980,998677 CVE References: CVE-2015-2304,CVE-2016-5418,CVE-2016-5844,CVE-2016-6250,CVE-2016-8687,CVE-2016-8688,CVE-2016-8689 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP2 (src): libarchive-3.1.2-25.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): libarchive-3.1.2-25.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): libarchive-3.1.2-25.1 SUSE Linux Enterprise Server 12-SP2 (src): libarchive-3.1.2-25.1 SUSE Linux Enterprise Server 12-SP1 (src): libarchive-3.1.2-25.1 SUSE Linux Enterprise Desktop 12-SP2 (src): libarchive-3.1.2-25.1 SUSE Linux Enterprise Desktop 12-SP1 (src): libarchive-3.1.2-25.1
openSUSE-SU-2016:3002-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 1005070,1005072,1005076,986566,989980,998677 CVE References: CVE-2015-2304,CVE-2016-5418,CVE-2016-5844,CVE-2016-6250,CVE-2016-8687,CVE-2016-8688,CVE-2016-8689 Sources used: openSUSE Leap 42.2 (src): libarchive-3.1.2-16.1
openSUSE-SU-2016:3005-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 1005070,1005072,1005076,986566,989980,998677 CVE References: CVE-2015-2304,CVE-2016-5418,CVE-2016-5844,CVE-2016-6250,CVE-2016-8687,CVE-2016-8688,CVE-2016-8689 Sources used: openSUSE Leap 42.1 (src): libarchive-3.1.2-16.1
is done
Done