Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 911486

Summary: <app-arch/libarchive-3.7.1: SEGV and stack buffer overflow in verbose mode of cpio
Product: Gentoo Security Reporter: Michał Górny <mgorny>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mgorny
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/libarchive/libarchive/releases/tag/v3.7.1
Whiteboard: A3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 911487    
Bug Blocks:    

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-07-30 03:04:55 UTC 
Libarchive 3.7.1 is a security, feature and bugfix release.

Security fixes:

    SEGV and stack buffer overflow in verbose mode of cpio (#1934, #1935)
Comment 1 Larry the Git Cow gentoo-dev 2023-09-29 13:39:36 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e05346e205e470b799ae6c0dafb506d6aa1cdae8

commit e05346e205e470b799ae6c0dafb506d6aa1cdae8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-29 13:38:51 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-29 13:39:30 +0000

    [ GLSA 202309-14 ] libarchive: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/882521
    Bug: https://bugs.gentoo.org/911486
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-14.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)