지락문화예술공작단

USN-3225-1: libarchive vulnerabilities Ubuntu Security Notice USN-3225-1 9th March, 2017 libarchive vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file. Software description libarchive – Library to read/write archive files Details It was discovered that libarchive incorrectly handled hardlink entries whenextracting archives. A remote attacker could possibly use this issue tooverwrite arbitrary files. (CVE-2016-5418) Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered thatlibarchive incorrectly handled filename lengths when writing ISO9660archives. A remote attacker could use this issue to cause libarchive tocrash, resulting in a denial of service, or possibly execute arbitrarycode. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS andUbuntu 16.04 LTS. [ more… ]