Hash: SHA1
=============================================================================
FreeBSD-SA-07:05.libarchive Security Advisory
The FreeBSD Project
Topic: Errors handling corrupt tar files in libarchive(3)
Category: core
Module: libarchive
Announced: 2007-07-12
Credits: CPNI, CERT-FI, Tim Kientzle, Colin Percival
Affects: FreeBSD 5.3 and later.
Corrected: 2007-07-12 15:00:44 UTC (RELENG_6, 6.2-STABLE)
2007-07-12 15:01:14 UTC (RELENG_6_2, 6.2-RELEASE-p6)
2007-07-12 15:01:32 UTC (RELENG_6_1, 6.1-RELEASE-p18)
2007-07-12 15:01:42 UTC (RELENG_5, 5.5-STABLE)
2007-07-12 15:01:56 UTC (RELENG_5_5, 5.5-RELEASE-p14)
CVE Name: CVE-2007-3641, CVE-2007-3644, CVE-2007-3645
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
The libarchive library provides a flexible interface for reading and
writing streaming archive files such as tar and cpio, and has been the
basis for FreeBSD's implementation of the tar(1) utility since FreeBSD 5.3.
II. Problem Description
Several problems have been found in the code used to parse the tar and
pax interchange formats. These include entering an infinite loop if an
archive prematurely ends within a pax extension header or if certain
types of corruption occur in pax extension headers [CVE-2007-3644];
dereferencing a NULL pointer if an archive prematurely ends within a
tar header immediately following a pax extension header or if certain
other types of corruption occur in pax extension headers [CVE-2007-3645];
and miscomputing the length of a buffer resulting in a buffer overflow
if yet another type of corruption occurs in a pax extension header
[CVE-2007-3641].
(more...)
No hay comentarios:
Publicar un comentario