USN-4293-1

Source

https://ubuntu.com/security/notices/USN-4293-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4293-1.json

Related

Published

2020-03-02T13:58:55.825354Z

Modified

2020-03-02T13:58:55.825354Z

Summary

libarchive vulnerabilities

Details

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221)

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or possibly unspecified other impact. This issue only affected Ubuntu 19.10. (CVE-2020-9308)

References

Affected packages

Ubuntu:18.04:LTS / libarchive

Package

Name: libarchive

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.2.2-3.1ubuntu0.6

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "bsdcpio": "3.2.2-3.1ubuntu0.6",
            "libarchive-tools": "3.2.2-3.1ubuntu0.6",
            "libarchive13": "3.2.2-3.1ubuntu0.6",
            "bsdtar": "3.2.2-3.1ubuntu0.6",
            "libarchive-dev": "3.2.2-3.1ubuntu0.6"
        }
    ]
}

Ubuntu:16.04:LTS / libarchive

Package

Name: libarchive

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.1.2-11ubuntu0.16.04.8

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "bsdcpio": "3.1.2-11ubuntu0.16.04.8",
            "libarchive13": "3.1.2-11ubuntu0.16.04.8",
            "bsdtar": "3.1.2-11ubuntu0.16.04.8",
            "libarchive-dev": "3.1.2-11ubuntu0.16.04.8"
        }
    ]
}