libarchive: fix CVE-2025-5917 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-07-02 12:21:33 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-07-09 08:43:32 -0700
commit	3c2bbf4a1cbcc0a7f9b2fbb6e141f80b11c67917 (patch)
tree	249a4e89cf824c68cf7e2b5f35c9d1a32d152920 /documentation/dev-manual/python-development-shell.rst
parent	0bccc5ec8559559167be0c2f772594b772112661 (diff)
download	poky-3c2bbf4a1cbcc0a7f9b2fbb6e141f80b11c67917.tar.gz

libarchive: fix CVE-2025-5917

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by- one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1- byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, lea ding to unpredictable program behavior, crashes, or in specific circumstances, could be lever aged as a building block for more sophisticated exploitation. Reference: https://security-tracker.debian.org/tracker/CVE-2025-5917 Upstream-patch: https://github.com/libarchive/libarchive/commit/7c02cde37a63580cd1859183fbbd2cf04a89be85 (From OE-Core rev: 2b6832b05bab414df1da7c74a0c6a5e5a9d75b29) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'documentation/dev-manual/python-development-shell.rst')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: