[ubuntu/resolute-updates] libarchive 3.8.5-1ubuntu2.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu May 21 16:58:26 UTC 2026
libarchive (3.8.5-1ubuntu2.1) resolute-security; urgency=medium
* SECURITY UPDATE: Heap out-of-bounds read during RAR archive processing
- debian/patches/CVE-2026-4424-1.patch: Reallocate undersized LZSS windows
in libarchive/archive_read_support_format_rar.c
- debian/patches/CVE-2026-4424-2.patch: Cast LZSS mask comparison in
libarchive/archive_read_support_format_rar.c
- CVE-2026-4424
* SECURITY UPDATE: Undefined behavior during zisofs decompression
- debian/patches/CVE-2026-4426.patch: Validate zisofs block size exponent
in libarchive/archive_read_support_format_iso9660.c
- CVE-2026-4426
* SECURITY UPDATE: Integer overflow during zisofs block pointer allocation
- debian/patches/CVE-2026-5121.patch: Add related regression tests in
test/test_read_format_iso_zisofs_overflow.c and
../test_read_format_iso_zisofs_overflow.iso.uu
- CVE-2026-5121
Date: 2026-05-20 16:53:19.881023+00:00
Changed-By: Shafayat Hossain Majumder <shafayat.majumder at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libarchive/3.8.5-1ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Resolute-changes
mailing list