[ubuntu/questing-security] libarchive 3.7.7-0ubuntu3.2 (Accepted)

Shafayat Hossain Majumder shafayat.majumder at canonical.com
Thu May 21 16:13:28 UTC 2026


libarchive (3.7.7-0ubuntu3.2) questing-security; urgency=medium

  * SECURITY UPDATE: Heap out-of-bounds read during RAR archive processing
    - debian/patches/CVE-2026-4424-1.patch: Reallocate undersized LZSS windows
      in libarchive/archive_read_support_format_rar.c
    - debian/patches/CVE-2026-4424-2.patch: Cast LZSS mask comparison in
      libarchive/archive_read_support_format_rar.c
    - CVE-2026-4424
  * SECURITY UPDATE: Undefined behavior during zisofs decompression
    - debian/patches/CVE-2026-4426.patch: Validate zisofs block size exponent
      in libarchive/archive_read_support_format_iso9660.c
    - CVE-2026-4426
  * SECURITY UPDATE: Integer overflow during zisofs block pointer allocation
    - debian/patches/CVE-2026-5121.patch: Add related regression tests in
      test/test_read_format_iso_zisofs_overflow.c and
      ../test_read_format_iso_zisofs_overflow.iso.uu
    - CVE-2026-5121

Date: 2026-05-20 16:53:12.088882+00:00
Changed-By: Shafayat Hossain Majumder <shafayat.majumder at canonical.com>
https://launchpad.net/ubuntu/+source/libarchive/3.7.7-0ubuntu3.2