MNBSD-2016-14: libarchive cpio directory traversal and zip integer signedness error

Severity: Unknown

Affected Package: libarchive

Summary: libarchive cpio directory traversal and zip integer signedness error

Description

Two libarchive issues were fixed: a directory traversal vulnerability in bsdcpio when extracting archives, and an integer signedness error in the ZIP archive write routine. These could allow files to be written outside the intended directory or trigger memory corruption when processing crafted archives. Fixed in the 0.7.9 release.

Affected Versions

libarchive

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2015-2304, CVE-2013-0211

Published: May 31, 2016
Last Modified: May 31, 2016