UbuntuUpdates.org

Package "bsdtar"

Name: bsdtar

Description:

Implementation of the 'tar' program from FreeBSD
Latest version: 3.1.2-7ubuntu2.8
Release: trusty (14.04)
Level: updates
Repository: universe
Head package: libarchive
Homepage: http://www.libarchive.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "bsdtar"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "bsdtar" in Trusty

Repository Area Version
base universe 3.1.2-7ubuntu2
security universe 3.1.2-7ubuntu2.8

Changelog

Version: 3.1.2-7ubuntu2.2 2016-05-17 17:07:38 UTC

  libarchive (3.1.2-7ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: code execution via incorrect compressed size
    - debian/patches/CVE-2016-1541.patch: check sizes in
      libarchive/archive_read_support_format_zip.c.
    - CVE-2016-1541
  * SECURITY UPDATE: denial of service via malformed cpio archive
    - debian/patches/issue502.patch: fix implicit cast in
      libarchive/archive_read_support_format_cpio.c, reject attempts to
      move the file pointer by a negative amount in
      libarchive/archive_read.c.
    - CVE number pending.

 -- Marc Deslauriers <email address hidden> Fri, 13 May 2016 10:08:06 -0400
Source diff to previous version
CVE-2016-1541 Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attack

Version: 3.1.2-7ubuntu2.1 2015-03-30 01:06:31 UTC

  libarchive (3.1.2-7ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: absolute path traversal vulnerability in bsdcpio
    - debian/patches/CVE-2015-2304.patch: don't allow absolute paths by
      default in cpio/cpio.c, libarchive/archive.h,
      libarchive/archive_write_disk_posix.c, added test to
      libarchive/test/test_write_disk_secure.c, updated documentation in
      cpio/bsdcpio.1, libarchive/archive_write_disk.3.
    - CVE-2015-2304
 -- Marc Deslauriers <email address hidden> Tue, 24 Mar 2015 12:43:54 -0400
CVE-2015-2304 Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathn


About   -   Send Feedback to @ubuntu_updates