UbuntuUpdates.org

Package "libarchive"

Name: libarchive

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Multi-format archive and compression library (development files)
  • Multi-format archive and compression library (shared library)

Latest version: 3.7.7-0ubuntu3.1
Release: questing (25.10)
Level: updates
Repository: main




Other versions of "libarchive" in Questing

Repository Area Version
base main 3.7.7-0ubuntu3
base universe 3.7.7-0ubuntu3
security main 3.7.7-0ubuntu3.1
security universe 3.7.7-0ubuntu3.1
updates universe 3.7.7-0ubuntu3.1



Changelog

Version: 3.7.7-0ubuntu3.1 2026-04-03 06:12:19 UTC

  libarchive (3.7.7-0ubuntu3.1) questing-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read during streamed archive skipping
    - debian/patches/CVE-2025-5918-1.patch: Prevent EOF-skipping in
      libarchive/archive_read_open_fd.c, libarchive/archive_read_open_file.c,
      libarchive/archive_read_open_filename.c, add relevant tests in
      libarchive/test/test_read_format_rar.c
    - debian/patches/CVE-2025-5918-2.patch: Fix file skip offset handling in
      libarchive/archive_read_open_file.c
    - CVE-2025-5918
  * SECURITY UPDATE: Unbounded memory allocation during bsdtar substitution
    processing
    - debian/patches/CVE-2025-60753.patch: Advance zero-length matches in
      tar/subst.c and add tests in tar/test/test_option_s.c
    - CVE-2025-60753
  * SECURITY UPDATE: Infinite loop during RAR5 decompression
    - debian/patches/CVE-2026-4111.patch: Filter bounds in
      libarchive/archive_read_support_format_rar5.c and add loop regression
      tests in libarchive/test/test_read_format_rar5_loop_bug.c,
      libarchive/test/test_read_format_rar5_loop_bug.rar.uu
    - CVE-2026-4111

 -- Shafayat Hossain Majumder <email address hidden> Wed, 01 Apr 2026 14:23:07 -0400

CVE-2025-5918 A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowi
CVE-2025-60753 An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s subst
CVE-2026-4111 A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path.


