Sicherheit: Pufferüberläufe in libarchive

Lesezeichen hinzufügen

--===============3943410567483750997==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-jSQK+Um5nXQUbdAWkL/U"

--=-jSQK+Um5nXQUbdAWkL/U
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1310-1
December 19, 2011

libarchive vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

libarchive could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- libarchive: Library to read/write archive files

Details:

It was discovered that libarchive incorrectly handled certain ISO 9660
image files. If a user were tricked into using a specially crafted
ISO 9660 image file, a remote attacker could cause libarchive to crash or
possibly execute arbitrary code with user privileges. (CVE-2011-1777)

It was discovered that libarchive incorrectly handled certain tar archive
files. If a user were tricked into using a specially crafted tar file, a
remote attacker could cause libarchive to crash or possibly execute
arbitrary code with user privileges. (CVE-2011-1778)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
libarchive1 2.8.4-1ubuntu0.11.10.1

Ubuntu 11.04:
libarchive1 2.8.4-1ubuntu0.11.04.1

Ubuntu 10.10:
libarchive1 2.8.4-1ubuntu0.10.10.1

Ubuntu 10.04 LTS:
libarchive1 2.8.0-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1310-1
CVE-2011-1777, CVE-2011-1778

Package Information:
https://launchpad.net/ubuntu/+source/libarchive/2.8.4-1ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/libarchive/2.8.4-1ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/libarchive/2.8.4-1ubuntu0.10.10.1
https://launchpad.net/ubuntu/+source/libarchive/2.8.0-2ubuntu0.1

--ÓSQK+Um5nXQUbdAWkL/U
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJO70cEAAoJEGVp2FWnRL6TLS0QAIojHPRp0JLx8D7tmDuz1iRB
if+OEBgxLVGZlmfoklNgO8RC8eE9RsCKIdnk+lbxQxgE/fAIKIsFQmpC/693q93t
DzeHmImQkyix22IzsrOL83N/taCyt/94e5W9nXa+kIi7LeV9jkasv2SUyrHA2yPz
eIPQsjXn+qQC1JWiQnWGDn142TNxic3YpDEQcqwRGNyIJzDXd0Yve1ZJb1XHgi6H
pd5R38B/OnvgiwvDAXYr+7UsbIlRXPVe1WFH+HRApZRnZw+rhBXj5E4pnA3DZTNn
iEI2Mj/cg18Nx8p/CwJEdW00xErzAKw/SOso2qOcjAKY4vXjRA7Vd9U9Y1qCIpxZ
tplFOcQsbjJVU/6NUdvOvf9LNSOigbhmU5r8s+a4XS9yXJp+VfRKITCXppS+4nZZ
lkfk9N9aohcsc+JqwkDbzBc1h21Drco/kG9v3YK1tt7YSET0ZYK6cGvXPL0qLpPo
Gq0XIbKXB7CAOGIDfpMOkMPN0MIyy1EvVdCdT2ECVl0qokj3Tc9EI60tUxqyuWJq
mgOUEI37OaEy7FMh083Jaj/Hnh+vVFDr3+fue1zZkp0TtS//SbXKP21J8mKk7YF9
lm/7UhhIIiGLuUYPSuQfojqmTvygcdrGwAHtEi3+xSXQ5Mgtl/HRUtgM/iJ6b4t2
JqkukYtH0mU7QrbNgjRP
=nMsv
-----END PGP SIGNATURE-----

--=-jSQK+Um5nXQUbdAWkL/U--

--===============3943410567483750997==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============3943410567483750997==--