UbuntuUpdates.org

Package "libarchive-tools"

Name: libarchive-tools

Description:

FreeBSD implementations of 'tar' and 'cpio' and other archive tools
Latest version: 3.7.7-0ubuntu3.1
Release: questing (25.10)
Level: security
Repository: universe
Head package: libarchive
Homepage: https://www.libarchive.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libarchive-tools"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libarchive-tools" in Questing

Repository Area Version
base universe 3.7.7-0ubuntu3
updates universe 3.7.7-0ubuntu3.1

Changelog

Version: 3.7.7-0ubuntu3.1 2026-04-02 23:08:08 UTC

  libarchive (3.7.7-0ubuntu3.1) questing-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read during streamed archive skipping
    - debian/patches/CVE-2025-5918-1.patch: Prevent EOF-skipping in
      libarchive/archive_read_open_fd.c, libarchive/archive_read_open_file.c,
      libarchive/archive_read_open_filename.c, add relevant tests in
      libarchive/test/test_read_format_rar.c
    - debian/patches/CVE-2025-5918-2.patch: Fix file skip offset handling in
      libarchive/archive_read_open_file.c
    - CVE-2025-5918
  * SECURITY UPDATE: Unbounded memory allocation during bsdtar substitution
    processing
    - debian/patches/CVE-2025-60753.patch: Advance zero-length matches in
      tar/subst.c and add tests in tar/test/test_option_s.c
    - CVE-2025-60753
  * SECURITY UPDATE: Infinite loop during RAR5 decompression
    - debian/patches/CVE-2026-4111.patch: Filter bounds in
      libarchive/archive_read_support_format_rar5.c and add loop regression
      tests in libarchive/test/test_read_format_rar5_loop_bug.c,
      libarchive/test/test_read_format_rar5_loop_bug.rar.uu
    - CVE-2026-4111

 -- Shafayat Hossain Majumder <email address hidden> Wed, 01 Apr 2026 14:23:07 -0400
CVE-2025-5918 A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowi
CVE-2025-60753 An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s subst
CVE-2026-4111 A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path.


About   -   Send Feedback to @ubuntu_updates