CVE-2016-5418

Priority
Medium
Description
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink
archive entries of non-zero data size, which might allow remote attackers
to write to arbitrary files via a crafted archive file.
Package
Upstream: released (3.2.1-4)
Ubuntu 14.04 LTS (Trusty Tahr): released (3.1.2-7ubuntu2.4)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (3.1.2-11ubuntu0.16.04.3)
Ubuntu 17.04 (Zesty Zapus): not-affected (3.2.1-6)
Patches:
Upstream: https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a
Upstream: https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
Upstream: https://github.com/libarchive/libarchive/commit/063ea3ea3fcb569a380b2ebe9c9ddd8bd6ce0d49
Upstream: https://github.com/libarchive/libarchive/commit/50952acd22df3326c49771f5e5ba48630899468c
Upstream: https://github.com/libarchive/libarchive/commit/dc1882e4ab48c3b1c11a596e9f577c43a5592dfb
Distro: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3 (1/2)
Distro: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3 (2/2)

Updated: 2017-08-11 23:55:07 UTC (commit 13081)