911486 – <app-arch/libarchive-3.7.1: SEGV and stack buffer overflow in verbose mode of cpio

Bug 911486 - <app-arch/libarchive-3.7.1: SEGV and stack buffer overflow in verbose mode of cpio

Summary: <app-arch/libarchive-3.7.1: SEGV and stack buffer overflow in verbose mode of...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://github.com/libarchive/libarch...
Whiteboard:	A3 [glsa+]
Keywords:

Depends on:	911487
Blocks:
	Show dependency tree

Reported:	2023-07-30 03:04 UTC by Michał Górny
Modified:	2023-09-29 13:41 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2023-07-30 03:04:55 UTC

Libarchive 3.7.1 is a security, feature and bugfix release.

Security fixes:

    SEGV and stack buffer overflow in verbose mode of cpio (#1934, #1935)

Comment 1 Larry the Git Cow gentoo-dev

2023-09-29 13:39:36 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e05346e205e470b799ae6c0dafb506d6aa1cdae8

commit e05346e205e470b799ae6c0dafb506d6aa1cdae8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-29 13:38:51 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-29 13:39:30 +0000

    [ GLSA 202309-14 ] libarchive: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/882521
    Bug: https://bugs.gentoo.org/911486
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-14.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)