CVE-2016-5418 in Ubuntu

CVE-2016-5418

Priority

Description

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink
archive entries of non-zero data size, which might allow remote attackers
to write to arbitrary files via a crafted archive file.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418
https://ubuntu.com/security/notices/USN-3225-1

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837714

Notes

Package

Source: libarchive (LP Ubuntu Debian)

Upstream:	released (3.2.1-4)
Ubuntu 16.04 ESM:	released (3.1.2-11ubuntu0.16.04.3)
Ubuntu 14.04 ESM:	released (3.1.2-7ubuntu2.4)

Patches:

Upstream:	https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a
Upstream:	https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
Upstream:	https://github.com/libarchive/libarchive/commit/063ea3ea3fcb569a380b2ebe9c9ddd8bd6ce0d49
Upstream:	https://github.com/libarchive/libarchive/commit/50952acd22df3326c49771f5e5ba48630899468c
Upstream:	https://github.com/libarchive/libarchive/commit/dc1882e4ab48c3b1c11a596e9f577c43a5592dfb
Distro:	https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3 (1/2)
Distro:	https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3 (2/2)

More Information

Updated: 2022-04-13 12:24:40 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)