==========================================================================
Ubuntu Security Notice USN-4169-1
October 29, 2019

libarchive vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM

Summary:

libarchive could be made to execute arbitrary code if it received
specially crafted archive file.

Software Description:
– libarchive: Library to read/write archive files

Details:

It was discovered that libarchive incorrectly handled certain archive files.
An attacker could possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libarchive13 3.3.3-4ubuntu0.1

Ubuntu 18.04 LTS:
libarchive13 3.2.2-3.1ubuntu0.5

Ubuntu 16.04 LTS:
libarchive13 3.1.2-11ubuntu0.16.04.7

Ubuntu 14.04 ESM:
libarchive13 3.1.2-7ubuntu2.8+esm1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4169-1
CVE-2019-18408

Package Information:
https://launchpad.net/ubuntu/+source/libarchive/3.3.3-4ubuntu0.1
https://launchpad.net/ubuntu/+source/libarchive/3.2.2-3.1ubuntu0.5
https://launchpad.net/ubuntu/+source/libarchive/3.1.2-11ubuntu0.16.04.7
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJduIxtAAoJEEW851uECx9px/AQALCQ4GbhusSKACMllSwralSu
QQ/7u7v7op+nMtQVR9C7sOWSY/PEm6EAY6BXbXWRxsJBRerPbKTrWf6C65SOFU4J
9ybkSecxSXZHkZTczyz9OirS30L8jdwYSHuYIeOqB5UaCqyfduaoI0neLvsN9uMH
WduEUWWzM1N8WrXqgod4f7QdRxigoIDjRn2EVrQ48ZWVBjH+9mgte7TkiwGij6uJ
qoOqtxSmKtxW+s563JN9GdiIPsCbZzyX4W+q2ePz872k5B8YKrPdgZF+vxIIkOlW
LfsONHAcakEoYsLddzgL3bWOJJO86WSqruPobXWgA5v+k8UH28Ds7vsdbA59ffEb
PFM1qcOUElwsqkyCHkWRUaASiIhTAMWtu24Y6WSANPUSNv5X8IAaZBl9Vyobs2ft
8bkiMhc+bOWbJzkn7WQ/5UmjOhVWIpLCTl5c/HZ4Rj8B9wMVFkEGK6aPuFxRG6rv
UoS3ojE9gCRgQAYInw5gOKjrppcPQLPd9bEXnw3Fq0ki4hwP4JQMZBtJCJEZJkVi
NQeABt9hWiHc+eKoxYuVkO72zktxgF1IF+cDfC0P5fRasaNfku1VDpVUfftjx28J
vJmDUFi4XxeCaOQPFprpje+B6H0tdFcWneg9Wp+2WCPOOnDEVl9oFZf2ClHjJ/Ve
0psYBZoVMjNecudec1mN
=c6tn
—–END PGP SIGNATURE—–
—