Ubuntu
libarchive package

libarchive 3.0.3-6ubuntu1.4 source package in Ubuntu

Changelog

libarchive (3.0.3-6ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

 -- Marc Deslauriers <email address hidden>  Thu, 09 Mar 2017 11:34:04 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Precise updates main libs
Precise security main libs

Downloads

File Size SHA-256 Checksum
libarchive_3.0.3.orig.tar.gz 3.3 MiB c5fc7620f74a54b1717e4aed38aee85dc27a988ad1db7640f28eb63a82ea62d7
libarchive_3.0.3-6ubuntu1.4.debian.tar.gz 59.3 KiB 1aa0731f446d94484c7a36f643ea8f2ce01938291cc674c90ddbeabecc855894
libarchive_3.0.3-6ubuntu1.4.dsc 2.3 KiB 84731f11e5b7e104ef348eea2602095658ba18f78e9271dabc0a246cda5f9b40

View changes file

Binary packages built by this source

bsdcpio: Implementation of the 'cpio' program from FreeBSD

 The bsdcpio program is the default system 'cpio' program used on FreeBSD.
 bsdcpio uses the libarchive library as a backend which does all of the work for
 reading and writing archives in various formats.

bsdcpio-dbgsym: debug symbols for package bsdcpio

 The bsdcpio program is the default system 'cpio' program used on FreeBSD.
 bsdcpio uses the libarchive library as a backend which does all of the work for
 reading and writing archives in various formats.

bsdtar: Implementation of the 'tar' program from FreeBSD

 The bsdtar program is the default system 'tar' program used on FreeBSD. bsdtar
 uses the libarchive library as a backend which does all of the work for reading
 and writing archives in various formats.

bsdtar-dbgsym: debug symbols for package bsdtar

 The bsdtar program is the default system 'tar' program used on FreeBSD. bsdtar
 uses the libarchive library as a backend which does all of the work for reading
 and writing archives in various formats.

libarchive-dev: Multi-format archive and compression library (development files)

 The libarchive library provides a flexible interface for reading and writing
 archives in various formats such as tar and cpio. libarchive also supports
 reading and writing archives compressed using various compression filters such
 as gzip and bzip2. The library is inherently stream-oriented; readers serially
 iterate through the archive, writers serially add things to the archive.
 .
 Archive formats supported are:
 .
    * tar (read and write, including GNU extensions)
    * pax (read and write, including GNU and star extensions)
    * cpio (read and write, including odc and newc variants)
    * iso9660 (read only, including Joliet and Rockridge extensions, with some
      limitations)
    * zip (read only, with some limitations, uses zlib)
    * mtree (read and write)
    * shar (write only)
    * ar (read and write, including BSD and GNU/SysV variants)
    * empty (read only; in particular, note that no other format will accept an
      empty file)
    * raw (read only)
    * xar (read only)
    * rar (read only, with some limitations)
    * 7zip (read and write, with some limitations)
 .
 Filters supported are:
 .
    * gzip (read and write, uses zlib)
    * bzip2 (read and write, uses bzlib)
    * compress (read and write, uses an internal implementation)
    * uudecode (read only)
    * separate command-line compressors with fixed-signature auto-detection
    * xz and lzma (read and write using liblzma)
 .
 This package provides the files necessary for development with libarchive.

libarchive12: Multi-format archive and compression library (shared library)

 The libarchive library provides a flexible interface for reading and writing
 archives in various formats such as tar and cpio. libarchive also supports
 reading and writing archives compressed using various compression filters such
 as gzip and bzip2. The library is inherently stream-oriented; readers serially
 iterate through the archive, writers serially add things to the archive.
 .
 Archive formats supported are:
 .
    * tar (read and write, including GNU extensions)
    * pax (read and write, including GNU and star extensions)
    * cpio (read and write, including odc and newc variants)
    * iso9660 (read only, including Joliet and Rockridge extensions, with some
      limitations)
    * zip (read only, with some limitations, uses zlib)
    * mtree (read and write)
    * shar (write only)
    * ar (read and write, including BSD and GNU/SysV variants)
    * empty (read only; in particular, note that no other format will accept an
      empty file)
    * raw (read only)
    * xar (read only)
    * rar (read only, with some limitations)
    * 7zip (read and write, with some limitations)
 .
 Filters supported are:
 .
    * gzip (read and write, uses zlib)
    * bzip2 (read and write, uses bzlib)
    * compress (read and write, uses an internal implementation)
    * uudecode (read only)
    * separate command-line compressors with fixed-signature auto-detection
    * xz and lzma (read and write using liblzma)
 .
 This package provides the libarchive shared library.

libarchive12-dbgsym: debug symbols for package libarchive12

 The libarchive library provides a flexible interface for reading and writing
 archives in various formats such as tar and cpio. libarchive also supports
 reading and writing archives compressed using various compression filters such
 as gzip and bzip2. The library is inherently stream-oriented; readers serially
 iterate through the archive, writers serially add things to the archive.
 .
 Archive formats supported are:
 .
    * tar (read and write, including GNU extensions)
    * pax (read and write, including GNU and star extensions)
    * cpio (read and write, including odc and newc variants)
    * iso9660 (read only, including Joliet and Rockridge extensions, with some
      limitations)
    * zip (read only, with some limitations, uses zlib)
    * mtree (read and write)
    * shar (write only)
    * ar (read and write, including BSD and GNU/SysV variants)
    * empty (read only; in particular, note that no other format will accept an
      empty file)
    * raw (read only)
    * xar (read only)
    * rar (read only, with some limitations)
    * 7zip (read and write, with some limitations)
 .
 Filters supported are:
 .
    * gzip (read and write, uses zlib)
    * bzip2 (read and write, uses bzlib)
    * compress (read and write, uses an internal implementation)
    * uudecode (read only)
    * separate command-line compressors with fixed-signature auto-detection
    * xz and lzma (read and write using liblzma)
 .
 This package provides the libarchive shared library.