]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7c5aee3) | patch
libarchive: fix CVE-2025-5915
authorDivya Chellam <divya.chellam@windriver.com>
Tue, 8 Jul 2025 09:38:16 +0000 (15:08 +0530)
committerSteve Sakoman <steve@sakoman.com>
Tue, 8 Jul 2025 16:05:09 +0000 (09:05 -0700)
commit41e7be4aa28481530d5e259d0f25b238b86c012d
tree66d432e4682bf7577a71b857f50493189f8e6dc1tree
parent7c5aee3066e4c8056d994cd50b26c18a16316c96commit | diff
libarchive: fix CVE-2025-5915

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap b
uffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer
-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memo
ry buffer, which can result in unpredictable program behavior, crashes (denial of service), o
r the disclosure of sensitive information from adjacent memory regions.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5915

Upstream-patches:
https://github.com/libarchive/libarchive/commit/a612bf62f86a6faa47bd57c52b94849f0a404d8c

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/libarchive/libarchive/CVE-2025-5915.patch [new file with mode: 0644] blob
meta/recipes-extended/libarchive/libarchive_3.6.2.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib