git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
libarchive: fix CVE-2025-5917
author Divya Chellam <divya.chellam@windriver.com>
Tue, 8 Jul 2025 09:38:18 +0000 (15:08 +0530)
committer Steve Sakoman <steve@sakoman.com>
Tue, 8 Jul 2025 16:05:09 +0000 (09:05 -0700)
commit 2b2a2fce345c9bfcad44cc8ef3419f43dd07b022
tree 0d38c1d1f3ab3b8957a32ee1dcfbf5aa0d7c1137
parent 0e939bf5fc7412c7357fcd7d8ae760f023ac40eb
libarchive: fix CVE-2025-5917

A vulnerability has been identified in the libarchive library. This flaw involves an
'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can
lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt
adjacent memory, leading to unpredictable program behavior, crashes, or in specific
circumstances, could be leveraged as a building block for more sophisticated exploitation.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5917

Upstream-patch:
https://github.com/libarchive/libarchive/commit/7c02cde37a63580cd1859183fbbd2cf04a89be85

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/libarchive/libarchive/CVE-2025-5917.patch [new file with mode: 0644]
meta/recipes-extended/libarchive/libarchive_3.6.2.bb
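
An illustration of the bug class the commit message describes, added here and not taken from libarchive or from the CVE-2025-5917 patch: a bounds check that forgets one byte when joining a prefix and a suffix into a fixed-size name field, next to the corrected check. FIELD_LEN, the guard byte and every function name are assumptions made for this example; the guard byte lives in the same array as the field so the stray write can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 16   /* constructed size of the fixed name field */
#define CANARY 0x5A    /* guard value standing in for adjacent memory */

/* mem[0..FIELD_LEN-1] is the name field; mem[FIELD_LEN] is the guard byte. */
struct entry { unsigned char mem[FIELD_LEN + 1]; };

void entry_init(struct entry *e) {
    memset(e->mem, 0, FIELD_LEN);
    e->mem[FIELD_LEN] = CANARY;
}

int guard_intact(const struct entry *e) { return e->mem[FIELD_LEN] == CANARY; }

/* Writes prefix + '/' + suffix + NUL, i.e. p + s + 2 bytes. */
static void emit(struct entry *e, const char *prefix, size_t p,
                 const char *suffix, size_t s) {
    memcpy(e->mem, prefix, p);
    e->mem[p] = '/';
    memcpy(e->mem + p + 1, suffix, s);
    e->mem[p + 1 + s] = '\0';
}

/* Flawed: budgets the NUL but not the '/' separator, so one byte too many
 * is accepted and the terminator lands on the guard byte. */
int join_flawed(struct entry *e, const char *prefix, const char *suffix) {
    size_t p = strlen(prefix), s = strlen(suffix);
    if (p + s + 1 > FIELD_LEN) return -1;
    emit(e, prefix, p, suffix, s);
    return 0;
}

/* Corrected: requires p + s + 2 <= FIELD_LEN, written without underflow. */
int join_checked(struct entry *e, const char *prefix, const char *suffix) {
    size_t p = strlen(prefix), s = strlen(suffix);
    if (p >= FIELD_LEN || s >= FIELD_LEN - p - 1) return -1;
    emit(e, prefix, p, suffix, s);
    return 0;
}

int main(void) {
    struct entry e;
    entry_init(&e);
    int r = join_flawed(&e, "usr/lib", "file.txt");  /* 7 + 1 + 8 + NUL = 17 */
    printf("flawed:  rc=%d guard_intact=%d\n", r, guard_intact(&e));
    entry_init(&e);
    r = join_checked(&e, "usr/lib", "file.txt");
    printf("checked: rc=%d guard_intact=%d\n", r, guard_intact(&e));
    return 0;
}
```

The boundary input is the one that matters for regression testing: a prefix and suffix whose joined length is exactly one byte over the field.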