FEDORA-2019-fd2a963f4b created by odubaj 24 days ago for Fedora 29
obsolete

Security fix for CVE-2019-18408

RAR reader: fix use after free

If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed to continue with next archive headers. We need to set rar->start_new_table after the ppmd7_context got freed, otherwise it won't be allocated again.

This update has been submitted for testing by odubaj.

24 days ago

This update's test gating status has been changed to 'waiting'.

24 days ago

This update's test gating status has been changed to 'ignored'.

24 days ago

This update has been pushed to testing.

24 days ago
pwalter commented & provided feedback 16 days ago
karma

Works

This update is marked obsolete because the F29 release is archived.

16 days ago

Metadata
Type: security
Severity: medium
Karma: 1
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days
Dates
submitted: 24 days ago
in testing: 24 days ago
BZ#1769980 CVE-2019-18408 libarchive: use-after-free in archive_read_format_rar_read_data in archive_read_support_format_rar.c [fedora-all]