UbuntuUpdates.org

Bugs fixes in "libarchive"

Origin Bug number Title Date fixed
CVE CVE-2016-8688 The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial 2017-03-09
CVE CVE-2016-8687 Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a 2017-03-09
CVE CVE-2016-7166 libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory con 2017-03-09
CVE CVE-2016-6250 Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute 2017-03-09
CVE CVE-2016-5418 The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to 2017-03-09
CVE CVE-2017-5601 An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-o 2017-03-09
CVE CVE-2016-8689 The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bound 2017-03-09
CVE CVE-2016-8688 The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial 2017-03-09
CVE CVE-2016-8687 Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a 2017-03-09
CVE CVE-2016-7166 libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory con 2017-03-09
CVE CVE-2016-6250 Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute 2017-03-09
CVE CVE-2016-5418 The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to 2017-03-09
Launchpad 1607385 Please backport libarchive 3.2.1-2 (main) from yakkety 2016-07-28
Launchpad 1607385 Please backport libarchive 3.2.1-2 (main) from yakkety 2016-07-28
CVE CVE-2016-4302 Libarchive Rar RestartModel Heap Overflow 2016-07-14
CVE CVE-2016-4300 7-Zip read_SubStreamsInfo Integer Overflow 2016-07-14
CVE CVE-2015-8933 undefined behaviour / signed integer overflow in archive_read_format_tar_skip() 2016-07-14
CVE CVE-2016-4302 Libarchive Rar RestartModel Heap Overflow 2016-07-14
CVE CVE-2016-4300 7-Zip read_SubStreamsInfo Integer Overflow 2016-07-14
CVE CVE-2015-8933 undefined behaviour / signed integer overflow in archive_read_format_tar_skip() 2016-07-14



About   -   Send Feedback to @ubuntu_updates