Home / mailings [USN-1310-1] libarchive vulnerabilities
Posted on 19 December 2011
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-1310-1
December 19, 2011
libarchive vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
libarchive could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- libarchive: Library to read/write archive files
Details:
It was discovered that libarchive incorrectly handled certain ISO 9660
image files. If a user were tricked into using a specially crafted
ISO 9660 image file, a remote attacker could cause libarchive to crash or
possibly execute arbitrary code with user privileges. (CVE-2011-1777)
It was discovered that libarchive incorrectly handled certain tar archive
files. If a user were tricked into using a specially crafted tar file, a
remote attacker could cause libarchive to crash or possibly execute
arbitrary code with user privileges. (CVE-2011-1778)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libarchive1 2.8.4-1ubuntu0.11.10.1
Ubuntu 11.04:
libarchive1 2.8.4-1ubuntu0.11.04.1
Ubuntu 10.10:
libarchive1 2.8.4-1ubuntu0.10.10.1
Ubuntu 10.04 LTS:
libarchive1 2.8.0-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1310-1
CVE-2011-1777, CVE-2011-1778
Package Information:
https://launchpad.net/ubuntu/+source/libarchive/2.8.4-1ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/libarchive/2.8.4-1ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/libarchive/2.8.4-1ubuntu0.10.10.1
https://launchpad.net/ubuntu/+source/libarchive/2.8.0-2ubuntu0.1
