Format: 1.8
Date: Thu, 09 Mar 2017 11:01:45 -0500
Source: libarchive
Binary: libarchive-dev libarchive13 bsdtar bsdcpio
Architecture: amd64
Version: 3.1.2-11ubuntu0.16.04.3
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 bsdcpio - Implementation of the 'cpio' program from FreeBSD
 bsdtar - Implementation of the 'tar' program from FreeBSD
 libarchive-dev - Multi-format archive and compression library (development files)
 libarchive13 - Multi-format archive and compression library (shared library)
Changes:
 libarchive (3.1.2-11ubuntu0.16.04.3) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: arbitrary file write via hardlink entries
     - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
       pathnames in libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2016-5418-2.patch: fix path handling in
       libarchive/archive_write_disk_posix.c.
     - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
       libarchive/test/CMakeLists.txt, libarchive/test/main.c,
       libarchive/test/test.h,
       libarchive/test/test_write_disk_secure744.c,
       libarchive/test/test_write_disk_secure745.c,
       libarchive/test/test_write_disk_secure746.c.
     - debian/patches/CVE-2016-5418-4.patch: fix testcases in
       libarchive/test/test_write_disk_secure745.c,
       libarchive/test/test_write_disk_secure746.c.
     - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
       libarchive/archive_write_disk_posix.c.
     - CVE-2016-5418
   * SECURITY UPDATE: denial of service and possible code execution when
     writing an ISO9660 archive
     - debian/patches/CVE-2016-6250.patch: check for overflow in
       libarchive/archive_write_set_format_iso9660.c.
     - CVE-2016-6250
   * SECURITY UPDATE: denial of service via recursive decompression
     - debian/patches/CVE-2016-7166.patch: limit number of filters in
       libarchive/archive_read.c, added test to Makefile.am,
       libarchive/test/CMakeLists.txt,
       libarchive/test/test_read_too_many_filters.c,
       libarchive/test/test_read_too_many_filters.gz.uu.
     - CVE-2016-7166
   * SECURITY UPDATE: denial of service via non-printable multibyte
     character in a filename
     - debian/patches/CVE-2016-8687.patch: expand buffer size in
       tar/util.c.
     - CVE-2016-8687
   * SECURITY UPDATE: denial of service via multiple long lines
     - debian/patches/CVE-2016-8688.patch: fix bounds in
       libarchive/archive_read_support_format_mtree.c, added test to
       Makefile.am, libarchive/test/CMakeLists.txt,
       libarchive/test/test_read_format_mtree_crash747.c,
       libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
     - CVE-2016-8688
   * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
     - debian/patches/CVE-2016-8689.patch: reject files with multiple
       markers in libarchive/archive_read_support_format_7zip.c.
     - CVE-2016-8689
   * SECURITY UPDATE: denial of service via invalid compressed file size
     - debian/patches/CVE-2017-5601.patch: add check to
       libarchive/archive_read_support_format_lha.c.
     - CVE-2017-5601
Original-Maintainer: Debian Libarchive Maintainers