Public bug reported: Binary package hint: libarchive1
References: DSA-1455-1 (http://www.debian.org/security/2008/dsa-1455) Quoting: "Several local/remote vulnerabilities have been discovered in libarchive1, a single library to read/write tar, cpio, pax, zip, iso9660, archives. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3641 It was discovered that libarchive1 would miscompute the length of a buffer resulting in a buffer overflow if yet another type of corruption occurred in a pax extension header. CVE-2007-3644 It was discovered that if an archive prematurely ended within a pax extension header the libarchive1 library could enter an infinite loop. CVE-2007-3645 If an archive prematurely ended within a tar header, immediately following a pax extension header, libarchive1 could dereference a NULL pointer." ** Affects: libarchive (Ubuntu) Importance: Undecided Status: New ** Affects: libarchive (Debian) Importance: Unknown Status: Unknown ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-3641 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-3644 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-3645 ** Bug watch added: Debian Bug tracker #432924 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924 ** Also affects: libarchive (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924 Importance: Unknown Status: Unknown -- [libarchive1] several local/remote vulnerabilities, possibility of DoS https://bugs.launchpad.net/bugs/181721 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs