UbuntuUpdates.org

Package "libarchive"

Name: libarchive

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • FreeBSD implementations of 'tar' and 'cpio' and other archive tools

Latest version: 3.4.0-2ubuntu1.2
Release: focal (20.04)
Level: updates
Repository: universe

Other versions of "libarchive" in Focal

Repository  Area      Version
base        main      3.4.0-2ubuntu1
base        universe  3.4.0-2ubuntu1
security    main      3.4.0-2ubuntu1.2
security    universe  3.4.0-2ubuntu1.2
updates     main      3.4.0-2ubuntu1.2

Changelog

Version: 3.4.0-2ubuntu1.2 2022-04-11 19:06:16 UTC

  libarchive (3.4.0-2ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2022-26280.patch: fix possible out-of-bounds
      read in zipx_lzma_alone_init() in libarchive/archive_read_support_format_zip.c.
    - CVE-2022-26280

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 05 Apr 2022 11:33:37 -0300

CVE-2022-26280 Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.

Version: 3.4.0-2ubuntu1.1 2022-02-17 16:06:29 UTC

  libarchive (3.4.0-2ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: extracting a symlink with ACLs modifies ACLs of target
    - debian/patches/CVE-2021-23177.patch: fix handling of symbolic link
      ACLs in libarchive/archive_disk_acl_freebsd.c,
      libarchive/archive_disk_acl_linux.c,
      libarchive/archive_disk_acl_sunos.c.
    - CVE-2021-23177
  * SECURITY UPDATE: symbolic links incorrectly followed
    - debian/patches/CVE-2021-31566-1.patch: do not follow symlinks when
      processing the fixup list in Makefile.am,
      libarchive/archive_write_disk_posix.c,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_write_disk_fixup.c.
    - debian/patches/CVE-2021-31566-2.patch: never follow symlinks when
      setting file flags on Linux in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2021-31566-3.patch: fix following symlinks when
      processing the fixup list in libarchive/archive_write_disk_posix.c,
      libarchive/test/test_write_disk_fixup.c.
    - debian/patches/CVE-2021-31566-4.patch: fix writing fflags broken in
      8a1bd5c in libarchive/archive_write_disk_posix.c.
    - CVE-2021-31566
  * SECURITY UPDATE: use-after-free in copy_string
    - debian/patches/CVE-2021-36976-pre1.patch: verify window size for
      solid files in Makefile.am,
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5*.
    - debian/patches/CVE-2021-36976-pre2.patch: verify window size for
      multivolume archives in Makefile.am,
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5*.
    - debian/patches/CVE-2021-36976-1.patch: fixed out of bounds read in
      some files in Makefile.am,
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/*.
    - debian/patches/CVE-2021-36976-2.patch: fix invalid memory access in
      some files in Makefile.am,
      libarchive/archive_read_support_format_rar5.c,
      libarchive/test/test_read_format_rar5.c, libarchive/test/*.
    - CVE-2021-36976

 -- Marc Deslauriers <email address hidden> Wed, 16 Feb 2022 09:59:13 -0500

CVE-2021-23177 extracting a symlink with ACLs modifies ACLs of target
CVE-2021-31566 symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive
CVE-2021-36976 libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
