Publishing details

• Removed from disk on 2018-08-14.
• Removal requested on 2018-08-14.
• Superseded on 2018-08-13 by libarchive - 3.1.2-11ubuntu0.16.04.4
• Published on 2017-03-09
• Copied from ubuntu xenial in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot

Changelog

libarchive (3.1.2-11ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

 -- Marc Deslauriers <email address hidden>  Thu, 09 Mar 2017 11:01:45 -0500

Builds

• amd64
• arm64
• armhf
• i386
• powerpc
• ppc64el
• s390x

Package files

• bsdcpio-dbgsym_3.1.2-11ubuntu0.16.04.3_amd64.ddeb (22.0 KiB)
• bsdcpio-dbgsym_3.1.2-11ubuntu0.16.04.3_arm64.ddeb (22.5 KiB)
• bsdcpio-dbgsym_3.1.2-11ubuntu0.16.04.3_armhf.ddeb (22.2 KiB)
• bsdcpio-dbgsym_3.1.2-11ubuntu0.16.04.3_i386.ddeb (20.1 KiB)
• bsdcpio-dbgsym_3.1.2-11ubuntu0.16.04.3_powerpc.ddeb (21.6 KiB)
• bsdcpio-dbgsym_3.1.2-11ubuntu0.16.04.3_ppc64el.ddeb (23.5 KiB)
• bsdcpio-dbgsym_3.1.2-11ubuntu0.16.04.3_s390x.ddeb (19.2 KiB)
• bsdcpio_3.1.2-11ubuntu0.16.04.3_amd64.deb (32.6 KiB)
• bsdcpio_3.1.2-11ubuntu0.16.04.3_arm64.deb (32.1 KiB)
• bsdcpio_3.1.2-11ubuntu0.16.04.3_armhf.deb (32.2 KiB)
• bsdcpio_3.1.2-11ubuntu0.16.04.3_i386.deb (33.8 KiB)
• bsdcpio_3.1.2-11ubuntu0.16.04.3_powerpc.deb (33.1 KiB)
• bsdcpio_3.1.2-11ubuntu0.16.04.3_ppc64el.deb (32.1 KiB)
• bsdcpio_3.1.2-11ubuntu0.16.04.3_s390x.deb (32.5 KiB)
• bsdtar-dbgsym_3.1.2-11ubuntu0.16.04.3_amd64.ddeb (37.9 KiB)
• bsdtar-dbgsym_3.1.2-11ubuntu0.16.04.3_arm64.ddeb (39.1 KiB)
• bsdtar-dbgsym_3.1.2-11ubuntu0.16.04.3_armhf.ddeb (37.4 KiB)
• bsdtar-dbgsym_3.1.2-11ubuntu0.16.04.3_i386.ddeb (33.5 KiB)
• bsdtar-dbgsym_3.1.2-11ubuntu0.16.04.3_powerpc.ddeb (37.2 KiB)
• bsdtar-dbgsym_3.1.2-11ubuntu0.16.04.3_ppc64el.ddeb (42.2 KiB)
• bsdtar-dbgsym_3.1.2-11ubuntu0.16.04.3_s390x.ddeb (33.5 KiB)
• bsdtar_3.1.2-11ubuntu0.16.04.3_amd64.deb (46.8 KiB)
• bsdtar_3.1.2-11ubuntu0.16.04.3_arm64.deb (45.1 KiB)
• bsdtar_3.1.2-11ubuntu0.16.04.3_armhf.deb (44.4 KiB)
• bsdtar_3.1.2-11ubuntu0.16.04.3_i386.deb (51.1 KiB)
• bsdtar_3.1.2-11ubuntu0.16.04.3_powerpc.deb (46.2 KiB)
• bsdtar_3.1.2-11ubuntu0.16.04.3_ppc64el.deb (46.2 KiB)
• bsdtar_3.1.2-11ubuntu0.16.04.3_s390x.deb (46.5 KiB)
• libarchive-dev_3.1.2-11ubuntu0.16.04.3_amd64.deb (415.1 KiB)
• libarchive-dev_3.1.2-11ubuntu0.16.04.3_arm64.deb (383.7 KiB)
• libarchive-dev_3.1.2-11ubuntu0.16.04.3_armhf.deb (390.0 KiB)
• libarchive-dev_3.1.2-11ubuntu0.16.04.3_i386.deb (439.9 KiB)
• libarchive-dev_3.1.2-11ubuntu0.16.04.3_powerpc.deb (396.8 KiB)
• libarchive-dev_3.1.2-11ubuntu0.16.04.3_ppc64el.deb (460.1 KiB)
• libarchive-dev_3.1.2-11ubuntu0.16.04.3_s390x.deb (413.1 KiB)
• libarchive13-dbgsym_3.1.2-11ubuntu0.16.04.3_amd64.ddeb (533.6 KiB)
• libarchive13-dbgsym_3.1.2-11ubuntu0.16.04.3_arm64.ddeb (535.1 KiB)
• libarchive13-dbgsym_3.1.2-11ubuntu0.16.04.3_armhf.ddeb (519.0 KiB)
• libarchive13-dbgsym_3.1.2-11ubuntu0.16.04.3_i386.ddeb (488.9 KiB)
• libarchive13-dbgsym_3.1.2-11ubuntu0.16.04.3_powerpc.ddeb (519.7 KiB)
• libarchive13-dbgsym_3.1.2-11ubuntu0.16.04.3_ppc64el.ddeb (646.9 KiB)
• libarchive13-dbgsym_3.1.2-11ubuntu0.16.04.3_s390x.ddeb (499.4 KiB)
• libarchive13_3.1.2-11ubuntu0.16.04.3_amd64.deb (255.8 KiB)
• libarchive13_3.1.2-11ubuntu0.16.04.3_arm64.deb (212.2 KiB)
• libarchive13_3.1.2-11ubuntu0.16.04.3_armhf.deb (225.3 KiB)
• libarchive13_3.1.2-11ubuntu0.16.04.3_i386.deb (294.2 KiB)
• libarchive13_3.1.2-11ubuntu0.16.04.3_powerpc.deb (241.0 KiB)
• libarchive13_3.1.2-11ubuntu0.16.04.3_ppc64el.deb (282.2 KiB)
• libarchive13_3.1.2-11ubuntu0.16.04.3_s390x.deb (242.5 KiB)
• libarchive_3.1.2-11ubuntu0.16.04.3.debian.tar.xz (38.6 KiB)
• libarchive_3.1.2-11ubuntu0.16.04.3.dsc (2.4 KiB)
• libarchive_3.1.2.orig.tar.gz (4.3 MiB)