UbuntuUpdates.org

Package "libarchive"

Name: libarchive

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • FreeBSD implementations of 'tar' and 'cpio' and other archive tools

Latest version: 3.7.7-0ubuntu3.2
Release: questing (25.10)
Level: updates
Repository: universe

Other versions of "libarchive" in Questing

Repository Area Version
base main 3.7.7-0ubuntu3
base universe 3.7.7-0ubuntu3
security main 3.7.7-0ubuntu3.2
security universe 3.7.7-0ubuntu3.2
updates main 3.7.7-0ubuntu3.2

Changelog

Version: 3.7.7-0ubuntu3.2 2026-05-21 19:07:37 UTC

  libarchive (3.7.7-0ubuntu3.2) questing-security; urgency=medium

  * SECURITY UPDATE: Heap out-of-bounds read during RAR archive processing
    - debian/patches/CVE-2026-4424-1.patch: Reallocate undersized LZSS windows
      in libarchive/archive_read_support_format_rar.c
    - debian/patches/CVE-2026-4424-2.patch: Cast LZSS mask comparison in
      libarchive/archive_read_support_format_rar.c
    - CVE-2026-4424
  * SECURITY UPDATE: Undefined behavior during zisofs decompression
    - debian/patches/CVE-2026-4426.patch: Validate zisofs block size exponent
      in libarchive/archive_read_support_format_iso9660.c
    - CVE-2026-4426
  * SECURITY UPDATE: Integer overflow during zisofs block pointer allocation
    - debian/patches/CVE-2026-5121.patch: Add related regression tests in
      test/test_read_format_iso_zisofs_overflow.c and
      ../test_read_format_iso_zisofs_overflow.iso.uu
    - CVE-2026-5121

 -- Shafayat Hossain Majumder <email address hidden> Tue, 20 May 2026 11:52:56 -0400

CVE-2026-4424 A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of t
CVE-2026-4426 A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a fiel
CVE-2026-5121 A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote at

Version: 3.7.7-0ubuntu3.1 2026-04-03 06:12:20 UTC

  libarchive (3.7.7-0ubuntu3.1) questing-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read during streamed archive skipping
    - debian/patches/CVE-2025-5918-1.patch: Prevent EOF-skipping in
      libarchive/archive_read_open_fd.c, libarchive/archive_read_open_file.c,
      libarchive/archive_read_open_filename.c, add relevant tests in
      libarchive/test/test_read_format_rar.c
    - debian/patches/CVE-2025-5918-2.patch: Fix file skip offset handling in
      libarchive/archive_read_open_file.c
    - CVE-2025-5918
  * SECURITY UPDATE: Unbounded memory allocation during bsdtar substitution
    processing
    - debian/patches/CVE-2025-60753.patch: Advance zero-length matches in
      tar/subst.c and add tests in tar/test/test_option_s.c
    - CVE-2025-60753
  * SECURITY UPDATE: Infinite loop during RAR5 decompression
    - debian/patches/CVE-2026-4111.patch: Filter bounds in
      libarchive/archive_read_support_format_rar5.c and add loop regression
      tests in libarchive/test/test_read_format_rar5_loop_bug.c,
      libarchive/test/test_read_format_rar5_loop_bug.rar.uu
    - CVE-2026-4111

 -- Shafayat Hossain Majumder <email address hidden> Wed, 01 Apr 2026 14:23:07 -0400

CVE-2025-5918 A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowi
CVE-2025-60753 An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s subst
CVE-2026-4111 A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path.


