
Bug 836352 (CVE-2022-26280)

Summary: <app-arch/libarchive-3.6.1: out-of-bounds read (CVE-2022-26280)
Product: Gentoo Security Reporter: filip ambroz <filip.ambroz>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mgorny
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/libarchive/libarchive/issues/1672
Whiteboard: A3 [glsa+]
Package list:
Runtime testing required: ---

Description filip ambroz 2022-03-29 06:42:56 UTC
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:45:18 UTC
Released in 3.6.1
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:47:54 UTC
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-08-14 16:09:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=876025c7afca0f5ee13ac2b34bc49c9928ab4128

commit 876025c7afca0f5ee13ac2b34bc49c9928ab4128
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 16:08:34 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 16:09:43 +0000

    [ GLSA 202208-26 ] libarchive: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/803128
    Bug: https://bugs.gentoo.org/836352
    Bug: https://bugs.gentoo.org/837266
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-26.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 16:10:35 UTC
GLSA done, all done.