FEDORA-2019-71b2273a9f created by odubaj 24 days ago for Fedora 30
testing

Security fix for CVE-2019-18408

RAR reader: fix use after free

If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed to continue with next archive headers. We need to set rar->start_new_table after the ppmd7_context got freed, otherwise it won't be allocated again.

How to install

sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2019-71b2273a9f

This update has been submitted for testing by odubaj.

24 days ago

This update's test gating status has been changed to 'waiting'.

24 days ago

This update's test gating status has been changed to 'ignored'.

24 days ago

This update has been pushed to testing.

24 days ago
User Icon pwalter commented & provided feedback 23 days ago
karma

Works

User Icon samoht0 provided feedback 23 days ago
karma

This update can be pushed to stable now if the maintainer wishes

23 days ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
24 days ago
in testing
24 days ago
BZ#1769980 CVE-2019-18408 libarchive: use-after-free in archive_read_format_rar_read_data in archive_read_support_format_rar.c [fedora-all]
0
0

Automated Test Results