Ubuntu Security Notice 7070-1 - It was discovered that libarchive mishandled certain memory checks, which could result in a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that libarchive mishandled certain memory operations, which could result in an out-of-bounds memory access. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
54795697770de4e18132c9954463c8363aa56bc5e058814ed6f16b301438b04d==========================================================================
Ubuntu Security Notice USN-7070-1
October 16, 2024
libarchive vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in libarchive.
Software Description:
- libarchive: Library to read/write archive files
Details:
It was discovered that libarchive mishandled certain memory checks,
which could result in a NULL pointer dereference. An attacker could
potentially use this issue to cause a denial of service. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-36227)
It was discovered that libarchive mishandled certain memory operations,
which could result in an out-of-bounds memory access. An attacker could
potentially use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-48957, CVE-2024-48958)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libarchive13t64 3.7.2-2ubuntu0.2
Ubuntu 22.04 LTS
libarchive13 3.6.0-1ubuntu1.2
Ubuntu 20.04 LTS
libarchive13 3.4.0-2ubuntu1.3
Ubuntu 18.04 LTS
libarchive13 3.2.2-3.1ubuntu0.7+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libarchive13 3.1.2-11ubuntu0.16.04.8+esm1
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libarchive13 3.1.2-7ubuntu2.8+esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7070-1
CVE-2022-36227, CVE-2024-48957, CVE-2024-48958
Package Information:
https://launchpad.net/ubuntu/+source/libarchive/3.7.2-2ubuntu0.2
https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ubuntu1.2
https://launchpad.net/ubuntu/+source/libarchive/3.4.0-2ubuntu1.3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed