UbuntuUpdates.org

Package "libarchive"

Name: libarchive

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Implementation of the 'cpio' program from FreeBSD
  • Implementation of the 'tar' program from FreeBSD

Latest version: 3.1.2-7ubuntu2.8
Release: trusty (14.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "libarchive": https://www.ubuntuupdates.org/libarchive



Other versions of "libarchive" in Trusty

Repository Area Version
base universe 3.1.2-7ubuntu2
base main 3.1.2-7ubuntu2
security main 3.1.2-7ubuntu2.8
security universe 3.1.2-7ubuntu2.8
updates main 3.1.2-7ubuntu2.8

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.1.2-7ubuntu2.2 2016-05-17 17:07:38 UTC

  libarchive (3.1.2-7ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: code execution via incorrect compressed size
    - debian/patches/CVE-2016-1541.patch: check sizes in
      libarchive/archive_read_support_format_zip.c.
    - CVE-2016-1541
  * SECURITY UPDATE: denial of service via malformed cpio archive
    - debian/patches/issue502.patch: fix implicit cast in
      libarchive/archive_read_support_format_cpio.c, reject attempts to
      move the file pointer by a negative amount in
      libarchive/archive_read.c.
    - CVE number pending.

 -- Marc Deslauriers <email address hidden> Fri, 13 May 2016 10:08:06 -0400

Source diff to previous version
CVE-2016-1541 Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attack

Version: 3.1.2-7ubuntu2.1 2015-03-30 01:06:31 UTC

  libarchive (3.1.2-7ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: absolute path traversal vulnerability in bsdcpio
    - debian/patches/CVE-2015-2304.patch: don't allow absolute paths by
      default in cpio/cpio.c, libarchive/archive.h,
      libarchive/archive_write_disk_posix.c, added test to
      libarchive/test/test_write_disk_secure.c, updated documentation in
      cpio/bsdcpio.1, libarchive/archive_write_disk.3.
    - CVE-2015-2304
 -- Marc Deslauriers <email address hidden> Tue, 24 Mar 2015 12:43:54 -0400

CVE-2015-2304 Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathn



About   -   Send Feedback to @ubuntu_updates