libarchive: fix CVE-2025-5918 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-07-02 12:21:34 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-07-09 08:43:32 -0700
commit	37be814fb24a679192abe16328daa9c2ef33afea (patch)
tree	94c91d7bf34cd1777ee42a7faf565023cb8d3d44 /documentation/dev-manual/python-development-shell.rst
parent	3c2bbf4a1cbcc0a7f9b2fbb6e141f80b11c67917 (diff)
download	poky-37be814fb24a679192abe16328daa9c2ef33afea.tar.gz

libarchive: fix CVE-2025-5918

A vulnerability has been identified in the libarchive library. This flaw can be triggered whe n file streams are piped into bsdtar, potentially allowing for reading past the end of the fi le. This out-of-bounds read can lead to unintended consequences, including unpredictable prog ram behavior, memory corruption, or a denial-of-service condition. CVE-2025-5918-0001 is the dependent commit and CVE-2025-5918-0002 is the actual CVE fix. Reference: https://security-tracker.debian.org/tracker/CVE-2025-5918 Upstream-patches: https://github.com/libarchive/libarchive/commit/89b8c35ff4b5addc08a85bf5df02b407f8af1f6c https://github.com/libarchive/libarchive/commit/dcbf1e0ededa95849f098d154a25876ed5754bcf (From OE-Core rev: 369c164a163b2c7f15ee5fc41130be9feaf7245e) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'documentation/dev-manual/python-development-shell.rst')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: