UbuntuUpdates.org

Package "bsdcpio"

Name: bsdcpio

Description:

Implementation of the 'cpio' program from FreeBSD

Latest version: 3.0.3-6ubuntu1.4
Release: precise (12.04)
Level: updates
Repository: universe
Head package: libarchive
Homepage: http://libarchive.github.com/

Links


Download "bsdcpio"


Other versions of "bsdcpio" in Precise

Repository Area Version
base universe 3.0.3-6ubuntu1
security universe 3.0.3-6ubuntu1.4

Changelog

Version: 3.0.3-6ubuntu1.4 2017-03-09 20:06:54 UTC

  libarchive (3.0.3-6ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

 -- Marc Deslauriers <email address hidden> Thu, 09 Mar 2017 11:34:04 -0500

Source diff to previous version
CVE-2016-5418 The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to
CVE-2016-6250 Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute
CVE-2016-7166 libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory con
CVE-2016-8687 Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a
CVE-2016-8688 The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial
CVE-2016-8689 The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bound
CVE-2017-5601 An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-o

Version: 3.0.3-6ubuntu1.3 2016-07-14 23:07:03 UTC

  libarchive (3.0.3-6ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed rar or cab files
    - debian/patches/CVE-2015-8916.patch: ignore entries with empty
      filenames in tar/read.c.
    - CVE-2015-8916
    - CVE-2015-8917
  * SECURITY UPDATE: denial of service via malformed lzh file
    - debian/patches/CVE-2015-8919.patch: recognize empty dir name in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2015-8919
  * SECURITY UPDATE: buffer underflow parsing ar header
    - debian/patches/CVE-2015-8920.patch: check for empty filenames in
      libarchive/archive_read_support_format_ar.c.
    - CVE-2015-8920
  * SECURITY UPDATE: read past end of string parsing
    - debian/patches/CVE-2015-8921.patch: properly calculate string length
      in libarchive/archive_entry.c.
    - CVE-2015-8921
  * SECURITY UPDATE: segfault on malformed 7z archive
    - debian/patches/CVE-2015-8922.patch: reject some malformed files in
      libarchive/archive_read_support_format_7zip.c, added tests to
      Makefile.am, libarchive/test/test_read_format_7zip_malformed.7z.uu,
      libarchive/test/test_read_format_7zip_malformed.c,
      libarchive/test/test_read_format_7zip_malformed2.7z.uu,
      libarchive/test/CMakeLists.txt.
    - CVE-2015-8922
  * SECURITY UPDATE: segfault on malformed Zip archive
    - debian/patches/CVE-2015-8923.patch: properly handle sizes in
      libarchive/archive_read_support_format_zip.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_zip_malformed.c,
      libarchive/test/test_read_format_zip_malformed1.zip.uu.
    - CVE-2015-8923
  * SECURITY UPDATE: buffer overflow when processing tar files
    - debian/patches/CVE-2015-8924.patch: properly handle empty filenames
      in libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8924
  * SECURITY UPDATE: improper newline parsing
    - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in
      libarchive/archive_read_support_format_mtree.c, added tests to
      libarchive/test/test_read_format_mtree.c,
      libarchive/test/test_read_format_mtree.mtree.uu.
    - CVE-2015-8925
  * SECURITY UPDATE: segfault on invalid rar archive
    - debian/patches/CVE-2015-8926.patch: properly handle return code in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2015-8926
  * SECURITY UPDATE: segfault via dir loop in malformed ISO
    - debian/patches/CVE-2015-8930.patch: limit recursion in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2015-8930
  * SECURITY UPDATE: integer overflow parsing time values
    - debian/patches/CVE-2015-8931.patch: fix time handling in
      libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8931
  * SECURITY UPDATE: crash via invalid compressed data
    - debian/patches/CVE-2015-8932.patch: add more checks to
      libarchive/archive_read_support_filter_compress.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_filter_compress.c.
    - CVE-2015-8932
  * SECURITY UPDATE: integer overflow via negative-sized sparse blocks
    - debian/patches/CVE-2015-8933.patch: add check to
      libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8933
  * SECURITY UPDATE: heap overflow parsing malformed tar archives
    - debian/patches/CVE-2015-8934.patch: properly check reading from lzss
      decompression buffer in libarchive/archive_read_support_format_rar.c,
      added tests to Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_rar_invalid1.c,
      libarchive/test/test_read_format_rar_invalid1.rar.uu.
    - CVE-2015-8934
  * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams
    - debian/patches/CVE-2016-4300.patch: add another limit to
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-4300
  * SECURITY UPDATE: crash via rar files with zero dictionary size
    - debian/patches/CVE-2016-4302.patch: handle zero-sized disctionary in
      libarchive/archive_ppmd7.c,
      libarchive/archive_read_support_format_rar.c.
    - CVE-2016-4302
  * SECURITY UPDATE: memory allocation issues with large cpio symlinks
    - debian/patches/CVE-2016-4809.patch: reject large symlinks in
      libarchive/archive_read_support_format_cpio.c.
    - CVE-2016-4809
  * SECURITY UPDATE: integer overflow when computing volume descriptor
    - debian/patches/CVE-2016-5844.patch: fix multiplications in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2016-5844
  * debian/control: add dh-autoreconf to Build-Depends.
  * debian/rules: add autoreconf.

 -- Marc Deslauriers <email address hidden> Wed, 13 Jul 2016 11:52:16 -0400

Source diff to previous version
CVE-2015-8933 undefined behaviour / signed integer overflow in archive_read_format_tar_skip()
CVE-2016-4300 7-Zip read_SubStreamsInfo Integer Overflow
CVE-2016-4302 Libarchive Rar RestartModel Heap Overflow

Version: 3.0.3-6ubuntu1.2 2016-05-17 17:07:27 UTC

  libarchive (3.0.3-6ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed cpio archive
    - debian/patches/issue502.patch: fix implicit cast in
      libarchive/archive_read_support_format_cpio.c, reject attempts to
      move the file pointer by a negative amount in
      libarchive/archive_read.c.
    - CVE number pending.

 -- Marc Deslauriers <email address hidden> Fri, 13 May 2016 10:15:48 -0400

Source diff to previous version

Version: 3.0.3-6ubuntu1.1 2015-03-25 16:06:40 UTC

  libarchive (3.0.3-6ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via integer signedness error
    - debian/patches/CVE-2013-0211.patch: limit write requests in
      libarchive/archive_write.c.
    - CVE-2013-0211
  * SECURITY UPDATE: absolute path traversal vulnerability in bsdcpio
    - debian/patches/CVE-2015-2304.patch: don't allow absolute paths by
      default in cpio/cpio.c, libarchive/archive.h,
      libarchive/archive_write_disk_posix.c, added test to
      libarchive/test/test_write_disk_secure.c, updated documentation in
      cpio/bsdcpio.1, libarchive/archive_write_disk.3.
    - CVE-2015-2304
 -- Marc Deslauriers <email address hidden> Tue, 24 Mar 2015 12:46:05 -0400

CVE-2013-0211 Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64
CVE-2015-2304 Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathn



About   -   Send Feedback to @ubuntu_updates