=========================================================================Ubuntu Security Notice USN-1310-1
December 19, 2011
libarchive vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
libarchive could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- libarchive: Library to read/write archive files
Details:
It was discovered that libarchive incorrectly handled certain ISO 9660
image files. If a user were tricked into using a specially crafted
ISO 9660 image file, a remote attacker could cause libarchive to crash or
possibly execute arbitrary code with user privileges. (CVE-2011-1777)
It was discovered that libarchive incorrectly handled certain tar archive
files. If a user were tricked into using a specially crafted tar file, a
remote attacker could cause libarchive to crash or possibly execute
arbitrary code with user privileges. (CVE-2011-1778)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libarchive1 2.8.4-1ubuntu0.11.10.1
Ubuntu 11.04:
libarchive1 2.8.4-1ubuntu0.11.04.1
Ubuntu 10.10:
libarchive1 2.8.4-1ubuntu0.10.10.1
Ubuntu 10.04 LTS:
libarchive1 2.8.0-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-1310-1
CVE-2011-1777, CVE-2011-1778
Package Information:
https://launchpad.net/ubuntu/+source/libarchive/2.8.4-1ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/libarchive/2.8.4-1ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/libarchive/2.8.4-1ubuntu0.10.10.1
https://launchpad.net/ubuntu/+source/libarchive/2.8.0-2ubuntu0.1