Source: libarchive
Version: 3.3.3-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for libarchive.

Note, several issues are discussed in the same upstream pull request
1105, but the set of affected versions is different, thus filing
individual bugs.

CVE-2018-1000879[0]:
| libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205
| onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer
| Dereference vulnerability in ACL parser - libarchive/archive_acl.c,
| archive_acl_from_text_l() that can result in Crash/DoS. This attack
| appear to be exploitable via the victim must open a specially crafted
| archive file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000879
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000879
[1] https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
[2] https://github.com/libarchive/libarchive/pull/1105
[3] https://github.com/libarchive/libarchive/pull/1105/commits/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175

Regards,
Salvatore
