UbuntuUpdates.org

Package "bsdcpio"

Name: bsdcpio

Description:

transitional dummy package for moving bsdcpio to libarchive-tools
Latest version: 3.2.2-3.1ubuntu0.7
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: libarchive
Homepage: http://www.libarchive.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "bsdcpio"

All arch deb package
APT INSTALL

Other versions of "bsdcpio" in Bionic

Repository Area Version
base universe 3.2.2-3.1
security universe 3.2.2-3.1ubuntu0.7

Changelog

Version: 3.2.2-3.1ubuntu0.2 2019-01-15 16:06:38 UTC

  libarchive (3.2.2-3.1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2017-14502.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2017-14502
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-1000877.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2018-1000877
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-1000878.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2018-1000878
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-1000880.patch: fix in
      libarchive/archive_read_support_format_warc.c.
    - CVE-2018-1000880

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 14 Jan 2019 09:53:14 -0300
Source diff to previous version
CVE-2017-14502 read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an
CVE-2018-1000877 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in
CVE-2018-1000878 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability
CVE-2018-1000880 libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vuln

Version: 3.2.2-3.1ubuntu0.1 2018-08-13 16:06:51 UTC

  libarchive (3.2.2-3.1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2017-14501.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2017-14501
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2017-14503.patch: fix in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-14503

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 07 Aug 2018 15:23:21 -0300
CVE-2017-14501 An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted
CVE-2017-14503 libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially craf


About   -   Send Feedback to @ubuntu_updates