Package "libarchive"
Name: |
libarchive
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- Implementation of the 'cpio' program from FreeBSD
- Implementation of the 'tar' program from FreeBSD
|
Latest version: |
3.1.2-11ubuntu0.16.04.8 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
universe |
Links
Other versions of "libarchive" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
libarchive (3.1.2-11ubuntu0.16.04.8) xenial-security; urgency=medium
* SECURITY UPDATE: Out-of-read and Denial of service
- debian/patches/CVE-2019-19221.patch: Bugfix and optimize
archive_wstring_append_from_mbs() in libarchive/archive_string.c.
- CVE-2019-19221
-- <email address hidden> (Leonidas S. Barbosa) Thu, 20 Feb 2020 14:45:19 -0300
|
Source diff to previous version |
CVE-2019-19221 |
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. Fo |
|
libarchive (3.1.2-11ubuntu0.16.04.7) xenial-security; urgency=medium
* SECURITY UPDATE: Use-after-free
- debian/patches/CVE-2019-18408.patch: RAR reader: fix use after free
in libarchive/archive_read_support_format_rar.c.
- CVE-2019-18408
-- <email address hidden> (Leonidas S. Barbosa) Mon, 28 Oct 2019 10:57:06 -0300
|
Source diff to previous version |
CVE-2019-18408 |
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED si |
|
libarchive (3.1.2-11ubuntu0.16.04.6) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-1000019.patch: fix in
libarchive/archive_read_support_format_7zip.c.
- CVE-2019-1000019
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-1000020.patch: fix in
libarchive/archive_read_support_format_iso9660.c.
- CVE-2019-1000020
-- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Feb 2019 08:53:41 -0300
|
Source diff to previous version |
CVE-2019-1000019 |
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerabil |
CVE-2019-1000020 |
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Co |
|
libarchive (3.1.2-11ubuntu0.16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2017-14502.patch: fix in
libarchive/archive_read_support_format_rar.c.
- CVE-2017-14502
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-1000877.patch: fix in
libarchive/archive_read_support_format_rar.c.
- CVE-2018-1000877
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-1000878.patch: fix in
libarchive/archive_read_support_format_rar.c.
- CVE-2018-1000878
-- <email address hidden> (Leonidas S. Barbosa) Mon, 14 Jan 2019 09:30:58 -0300
|
Source diff to previous version |
CVE-2017-14502 |
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an |
CVE-2018-1000877 |
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in |
CVE-2018-1000878 |
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability |
|
libarchive (3.1.2-11ubuntu0.16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2016-10209.patch: fix in
libarchive/archive_string.c.
- CVE-2016-10209
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2016-10349-and-CVE-2016-10350.patch: fix in
libarchive/archive_read_support_format_cab.c.
- CVE-2016-10349
- CVE-2016-10350
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-14166.patch: fix in
libarchive/archive_read_support_format_xar.c.
- CVE-2017-14166
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2017-14501.patch: fix in
libarchive/archive_read_support_format_iso9660.c.
- CVE-2017-14501
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2017-14503.patch: fix in
libarchive/archive_read_support_format_lha.c.
- CVE-2017-14503
-- <email address hidden> (Leonidas S. Barbosa) Wed, 08 Aug 2018 15:28:16 -0300
|
CVE-2016-10209 |
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL point |
CVE-2016-10349 |
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-rea |
CVE-2016-10350 |
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial o |
CVE-2017-14166 |
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar |
CVE-2017-14501 |
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted |
CVE-2017-14503 |
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially craf |
|
About
-
Send Feedback to @ubuntu_updates