oss-sec mailing list archives
CVE request: libarchive, multiple overflows
From: Thomas Biege <thomas () suse de>
Date: Fri, 6 May 2011 14:37:54 +0200
Hello,

our maintainer found the following patches:

-----------
I was doing some maintenance on bsdtar package and noticed that there was a buffer overflow fix upstream, see
http://code.google.com/p/libarchive/source/detail?r=3158&path=/trunk/libarchive/archive_read_support_format_iso9660.c

Also SUSE package does not include the
http://pkgs.fedoraproject.org/gitweb/?p=libarchive.git;a=blob_plain;f=libarchive-2.8.4-iso9660-data-types.patch;hb=HEAD
patch which seems to be security sensitive also.
----------
More overflow fixes:
http://code.google.com/p/libarchive/source/detail?r=2842
http://code.google.com/p/libarchive/source/detail?r=3160

Use-after-free fix (not sure if exploitable):
http://code.google.com/p/libarchive/source/detail?r=3038
----------

Cheers,
Thomas

--
Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg
--
Whoever stops wanting to become better stops being good.
-- Marie von Ebner-Eschenbach