Description
ELSA-2016-1844: libarchive security update (IMPORTANT)
[3.1.2-10]
- Fixes variation of CVE-2016-5418: Hard links could include '..' in their path.
[3.1.2-9]
- Fixes CVE-2016-5418: Archive Entry with type 1 (hardlink) causes file overwrite (#1365777)
[3.1.2-8]
- a bunch of security fixes (rhbz#1353065)
Updated packages
Oracle Linux 7
Oracle Linux aarch64
bsdcpio 3.1.2-10.el7_2
bsdtar 3.1.2-10.el7_2
libarchive 3.1.2-10.el7_2
libarchive-devel 3.1.2-10.el7_2
Oracle Linux x86_64
bsdcpio 3.1.2-10.el7_2
bsdtar 3.1.2-10.el7_2
libarchive 3.1.2-10.el7_2
libarchive-devel 3.1.2-10.el7_2
Related CVEs
Source links
Related vulnerabilities
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.