oss-sec mailing list archives

CVE request: libarchive, multiple overflows


From: Thomas Biege <thomas () suse de>
Date: Fri, 6 May 2011 14:37:54 +0200

Hello,
our maintainer found the following patches:
-----------
I was doing some maintenance on bsdtar package and noticed that there was a
buffer overflow fix upstream, see
http://code.google.com/p/libarchive/source/detail?r=3158&path=/trunk/libarchive/archive_read_support_format_iso9660.c

Also SUSE package does not include the
http://pkgs.fedoraproject.org/gitweb/?p=libarchive.git;a=blob_plain;f=libarchive-2.8.4-iso9660-data-types.patch;hb=HEAD
patch which seems to be security sensitive also.
----------
More overflow fixes:

http://code.google.com/p/libarchive/source/detail?r=2842
http://code.google.com/p/libarchive/source/detail?r=3160

Use-after-free fix (not sure if exploitable):

http://code.google.com/p/libarchive/source/detail?r=3038
----------

Cheers,
Thomas


-- 
Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg
--
  Whoever stops wanting to become better stops being good.
                            -- Marie von Ebner-Eschenbach

