libarchive 3.0.3-6ubuntu1.3 source package in Ubuntu
Changelog
libarchive (3.0.3-6ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed rar or cab files
    - debian/patches/CVE-2015-8916.patch: ignore entries with empty
      filenames in tar/read.c.
    - CVE-2015-8916
    - CVE-2015-8917
  * SECURITY UPDATE: denial of service via malformed lzh file
    - debian/patches/CVE-2015-8919.patch: recognize empty dir name in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2015-8919
  * SECURITY UPDATE: buffer underflow parsing ar header
    - debian/patches/CVE-2015-8920.patch: check for empty filenames in
      libarchive/archive_read_support_format_ar.c.
    - CVE-2015-8920
  * SECURITY UPDATE: read past end of string parsing
    - debian/patches/CVE-2015-8921.patch: properly calculate string length
      in libarchive/archive_entry.c.
    - CVE-2015-8921
  * SECURITY UPDATE: segfault on malformed 7z archive
    - debian/patches/CVE-2015-8922.patch: reject some malformed files in
      libarchive/archive_read_support_format_7zip.c, added tests to
      Makefile.am,
      libarchive/test/test_read_format_7zip_malformed.7z.uu,
      libarchive/test/test_read_format_7zip_malformed.c,
      libarchive/test/test_read_format_7zip_malformed2.7z.uu,
      libarchive/test/CMakeLists.txt.
    - CVE-2015-8922
  * SECURITY UPDATE: segfault on malformed Zip archive
    - debian/patches/CVE-2015-8923.patch: properly handle sizes in
      libarchive/archive_read_support_format_zip.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_zip_malformed.c,
      libarchive/test/test_read_format_zip_malformed1.zip.uu.
    - CVE-2015-8923
  * SECURITY UPDATE: buffer overflow when processing tar files
    - debian/patches/CVE-2015-8924.patch: properly handle empty filenames
      in libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8924
  * SECURITY UPDATE: improper newline parsing
    - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in
      libarchive/archive_read_support_format_mtree.c, added tests to
      libarchive/test/test_read_format_mtree.c,
      libarchive/test/test_read_format_mtree.mtree.uu.
    - CVE-2015-8925
  * SECURITY UPDATE: segfault on invalid rar archive
    - debian/patches/CVE-2015-8926.patch: properly handle return code in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2015-8926
  * SECURITY UPDATE: segfault via dir loop in malformed ISO
    - debian/patches/CVE-2015-8930.patch: limit recursion in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2015-8930
  * SECURITY UPDATE: integer overflow parsing time values
    - debian/patches/CVE-2015-8931.patch: fix time handling in
      libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8931
  * SECURITY UPDATE: crash via invalid compressed data
    - debian/patches/CVE-2015-8932.patch: add more checks to
      libarchive/archive_read_support_filter_compress.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_filter_compress.c.
    - CVE-2015-8932
  * SECURITY UPDATE: integer overflow via negative-sized sparse blocks
    - debian/patches/CVE-2015-8933.patch: add check to
      libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8933
  * SECURITY UPDATE: heap overflow parsing malformed tar archives
    - debian/patches/CVE-2015-8934.patch: properly check reading from lzss
      decompression buffer in
      libarchive/archive_read_support_format_rar.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_rar_invalid1.c,
      libarchive/test/test_read_format_rar_invalid1.rar.uu.
    - CVE-2015-8934
  * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams
    - debian/patches/CVE-2016-4300.patch: add another limit to
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-4300
  * SECURITY UPDATE: crash via rar files with zero dictionary size
    - debian/patches/CVE-2016-4302.patch: handle zero-sized dictionary in
      libarchive/archive_ppmd7.c,
      libarchive/archive_read_support_format_rar.c.
    - CVE-2016-4302
  * SECURITY UPDATE: memory allocation issues with large cpio symlinks
    - debian/patches/CVE-2016-4809.patch: reject large symlinks in
      libarchive/archive_read_support_format_cpio.c.
    - CVE-2016-4809
  * SECURITY UPDATE: integer overflow when computing volume descriptor
    - debian/patches/CVE-2016-5844.patch: fix multiplications in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2016-5844
  * debian/control: add dh-autoreconf to Build-Depends.
  * debian/rules: add autoreconf.

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jul 2016 11:52:16 -0400
Upload details
- Uploaded by: Marc Deslauriers
- Uploaded to: Precise
- Original maintainer: Ubuntu Developers
- Architectures: any
- Section: libs
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
libarchive_3.0.3.orig.tar.gz | 3.3 MiB | c5fc7620f74a54b1717e4aed38aee85dc27a988ad1db7640f28eb63a82ea62d7 |
libarchive_3.0.3-6ubuntu1.3.debian.tar.gz | 45.3 KiB | a75ca64a16b383a4ef551dbfd738e9d132a1c5716e4ece71b7d9e8b7988eea69 |
libarchive_3.0.3-6ubuntu1.3.dsc | 2.3 KiB | 4c5d368b7e2526e35a77aa0618aad81dadbd7ae556602860f2a1f6ed2aff469f |
Binary packages built by this source
- bsdcpio: Implementation of the 'cpio' program from FreeBSD
The bsdcpio program is the default system 'cpio' program used on FreeBSD.
bsdcpio uses the libarchive library as a backend which does all of the work for
reading and writing archives in various formats.
- bsdcpio-dbgsym: debug symbols for package bsdcpio
- bsdtar: Implementation of the 'tar' program from FreeBSD
The bsdtar program is the default system 'tar' program used on FreeBSD. bsdtar
uses the libarchive library as a backend which does all of the work for reading
and writing archives in various formats.
- bsdtar-dbgsym: debug symbols for package bsdtar
- libarchive-dev: Multi-format archive and compression library (development files)
The libarchive library provides a flexible interface for reading and writing
archives in various formats such as tar and cpio. libarchive also supports
reading and writing archives compressed using various compression filters such
as gzip and bzip2. The library is inherently stream-oriented; readers serially
iterate through the archive, writers serially add things to the archive.

Archive formats supported are:

* tar (read and write, including GNU extensions)
* pax (read and write, including GNU and star extensions)
* cpio (read and write, including odc and newc variants)
* iso9660 (read only, including Joliet and Rockridge extensions, with some
  limitations)
* zip (read only, with some limitations, uses zlib)
* mtree (read and write)
* shar (write only)
* ar (read and write, including BSD and GNU/SysV variants)
* empty (read only; in particular, note that no other format will accept an
  empty file)
* raw (read only)
* xar (read only)
* rar (read only, with some limitations)
* 7zip (read and write, with some limitations)

Filters supported are:

* gzip (read and write, uses zlib)
* bzip2 (read and write, uses bzlib)
* compress (read and write, uses an internal implementation)
* uudecode (read only)
* separate command-line compressors with fixed-signature auto-detection
* xz and lzma (read and write using liblzma)

This package provides the files necessary for development with libarchive.
- libarchive12: Multi-format archive and compression library (shared library)
The libarchive library provides a flexible interface for reading and writing
archives in various formats such as tar and cpio. libarchive also supports
reading and writing archives compressed using various compression filters such
as gzip and bzip2. The library is inherently stream-oriented; readers serially
iterate through the archive, writers serially add things to the archive.

Archive formats supported are:

* tar (read and write, including GNU extensions)
* pax (read and write, including GNU and star extensions)
* cpio (read and write, including odc and newc variants)
* iso9660 (read only, including Joliet and Rockridge extensions, with some
  limitations)
* zip (read only, with some limitations, uses zlib)
* mtree (read and write)
* shar (write only)
* ar (read and write, including BSD and GNU/SysV variants)
* empty (read only; in particular, note that no other format will accept an
  empty file)
* raw (read only)
* xar (read only)
* rar (read only, with some limitations)
* 7zip (read and write, with some limitations)

Filters supported are:

* gzip (read and write, uses zlib)
* bzip2 (read and write, uses bzlib)
* compress (read and write, uses an internal implementation)
* uudecode (read only)
* separate command-line compressors with fixed-signature auto-detection
* xz and lzma (read and write using liblzma)

This package provides the libarchive shared library.
- libarchive12-dbgsym: debug symbols for package libarchive12