libarchive: security issues (CVE-2016-5418, CVE-2016-7166)
CVE-2016-5418: The sandboxing code in libarchive 3.2.0 and earlier
mishandles hardlink archive entries of non-zero data size,
which might allow remote attackers to write to arbitrary files via a
crafted archive file.
References:
https://github.com/libarchive/libarchive/issues/743 (umbrella report)
https://github.com/libarchive/libarchive/issues/744
https://github.com/libarchive/libarchive/issues/745
https://github.com/libarchive/libarchive/issues/746
Testcase:
https://github.com/libarchive/libarchive/commit/063ea3ea3fcb569a380b2ebe9c9ddd8bd6ce0d49
Fix for testcase:
https://github.com/libarchive/libarchive/commit/50952acd22df3326c49771f5e5ba48630899468c
Patches:
CentOS patch:
https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3
CentOS additional patch:
https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3
Fixed by (for #744):
https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a
Fixed by (for #745 and #746):
https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
https://bugzilla.redhat.com/show_bug.cgi?id=1362601, relates to
upstream bugs #744, #745 and #746
CVE-2016-7166: libarchive before 3.2.0 does not limit the number of
recursive decompressions, which allows
remote attackers to cause a denial of service (memory consumption and
application crash) via a crafted gzip file.
References:
https://github.com/libarchive/libarchive/issues/660
Patch:
https://github.com/libarchive/libarchive/commit/6e06b1c89
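
The kind of bound whose absence CVE-2016-7166 describes, shown as an added example (not libarchive's code and not the upstream patch): a Python loop that peels nested gzip layers but stops at a fixed depth and a fixed output size per layer. `MAX_LAYERS`, `MAX_OUTPUT` and all function names are assumptions chosen for this illustration, and the sample input is constructed inline.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"
MAX_LAYERS = 4          # assumed nesting cap for this example
MAX_OUTPUT = 1 << 20    # assumed per-layer output cap (1 MiB)


class NestingLimitExceeded(Exception):
    """Raised when the input nests deeper or expands further than allowed."""


def _inflate_capped(blob, limit):
    """Decompress one gzip layer, refusing to produce more than `limit` bytes."""
    d = zlib.decompressobj(31)            # wbits=31 selects the gzip wrapper
    out = d.decompress(blob, limit + 1)   # ask for at most one byte past the cap
    if len(out) > limit:
        raise NestingLimitExceeded("layer expands past %d bytes" % limit)
    return out


def unwrap_gzip(blob, max_layers=MAX_LAYERS, max_output=MAX_OUTPUT):
    """Peel nested gzip layers; return (payload, layers_removed)."""
    layers = 0
    while blob[:2] == GZIP_MAGIC:
        # Check the depth before doing any work on the next layer.
        if layers == max_layers:
            raise NestingLimitExceeded("more than %d gzip layers" % max_layers)
        blob = _inflate_capped(blob, max_output)
        layers += 1
    return blob, layers


def nest(payload, depth):
    """Constructed sample input: `payload` gzip-wrapped `depth` times."""
    for _ in range(depth):
        payload = gzip.compress(payload)
    return payload


if __name__ == "__main__":
    print(unwrap_gzip(nest(b"hello", 3)))      # within both limits
    try:
        unwrap_gzip(nest(b"hello", 5))         # one layer too many
    except NestingLimitExceeded as exc:
        print("rejected:", exc)
```
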
(from redmine: issue id 6244, created on 2016-09-28, closed on 2016-10-18)
- Relations:
- child #6245 (closed)
- child #6246 (closed)
- child #6247 (closed)