Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1037093: libarchive: CVE-2023-30571
0 views
Skip to first unread message
Salvatore Bonaccorso
Jun 4, 2023, 9:10:05 AM6/4/23
to
Source: libarchive
Version: 3.6.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libarchive/libarchive/issues/1876
X-Debbugs-Cc: car...@debian.org, Debian Security Team <te...@security.debian.org>
Hi,
The following vulnerability was published for libarchive.
CVE-2023-30571[0]:
| Libarchive through 3.6.2 can cause directories to have world-writable
| permissions. The umask() call inside archive_write_disk_posix.c
| changes the umask of the whole process for a very short period of
| time; a race condition with another thread can lead to a permanent
| umask 0 setting. Such a race condition could lead to implicit
| directory creation with permissions 0777 (without the sticky bit),
| which means that any low-privileged local user can delete and rename
| files inside those directories.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-30571
https://www.cve.org/CVERecord?id=CVE-2023-30571
[1] https://github.com/libarchive/libarchive/issues/1876
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Version: 3.6.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libarchive/libarchive/issues/1876
X-Debbugs-Cc: car...@debian.org, Debian Security Team <te...@security.debian.org>
Hi,
The following vulnerability was published for libarchive.
CVE-2023-30571[0]:
| Libarchive through 3.6.2 can cause directories to have world-writable
| permissions. The umask() call inside archive_write_disk_posix.c
| changes the umask of the whole process for a very short period of
| time; a race condition with another thread can lead to a permanent
| umask 0 setting. Such a race condition could lead to implicit
| directory creation with permissions 0777 (without the sticky bit),
| which means that any low-privileged local user can delete and rename
| files inside those directories.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-30571
https://www.cve.org/CVERecord?id=CVE-2023-30571
[1] https://github.com/libarchive/libarchive/issues/1876
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
0 new messages