Bug 836352 (CVE-2022-26280) - <app-arch/libarchive-3.6.1: out-of-bounds read (CVE-2022-26280)
Status: RESOLVED FIXED
Alias: CVE-2022-26280
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/libarchive/libarch...
Whiteboard: A3 [glsa+]
Reported: 2022-03-29 06:42 UTC by filip ambroz
Modified: 2022-08-14 16:10 UTC

Description filip ambroz 2022-03-29 06:42:56 UTC
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:45:18 UTC
Released in 3.6.1
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:47:54 UTC
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-08-14 16:09:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=876025c7afca0f5ee13ac2b34bc49c9928ab4128

commit 876025c7afca0f5ee13ac2b34bc49c9928ab4128
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 16:08:34 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 16:09:43 +0000

    [ GLSA 202208-26 ] libarchive: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/803128
    Bug: https://bugs.gentoo.org/836352
    Bug: https://bugs.gentoo.org/837266
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-26.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 16:10:35 UTC
GLSA done, all done.