==========================================================================
Ubuntu Security Notice USN-3703-1
July 04, 2018
libarchive-zip-perl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Archive Zip module could be made to expose sensitive information
if it received a specially crafted input.
Software Description:
– libarchive-zip-perl: Perl module for manipulation of ZIP archives
Details:
It was discovered that the Archive Zip module incorrectly handled
certain inputs. An attacker could possibly use this to access sensitive
information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libarchive-zip-perl 1.60-1ubuntu0.1
Ubuntu 17.10:
libarchive-zip-perl 1.59-1ubuntu0.1
Ubuntu 16.04 LTS:
libarchive-zip-perl 1.56-2ubuntu0.1
Ubuntu 14.04 LTS:
libarchive-zip-perl 1.30-7ubuntu0.1
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3703-1
CVE-2018-10860
Package Information:
https://launchpad.net/ubuntu/+source/libarchive-zip-perl/1.60-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libarchive-zip-perl/1.59-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libarchive-zip-perl/1.56-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libarchive-zip-perl/1.30-7ubuntu0.1—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJbPPiZAAoJEEW851uECx9pPIEP/AvST4alkWLTyMYqZY49qwlv
TKHrtMj5OhukeGgflZnEbHb9hHlw0eqObybU5+TjoQkjAJ3/bTvblGKKDhTvVrc5
J0U6sK01d8GBNSScBsVVhxKehrZ8ksPiHkMTJgx9arS83G+8+mJbCFdo0W+EDLKF
cDXXZcB2IsGBBAZzMzuEmiyL9AFZJIrctcObxzBTsxGzGuBTYUmNgk3mqTDBCg91
DLhm9yTOHgwgdSsLAaQSbIfW4R9If0Nrw+4MRJqfcomDeZdSr2rWIlPioikwB77+
ZSKvBEBX3ybo9OcOciLbEDartqZzg04DdFY25FwNUJr7u11c333KARwCrEw9Uzu/
Xlpnu5ij0lfs6pRsSm8NHV/1PHEBo60lgV6JxVvWZfUgf2crUuVKeLj3sBPti/M1
AWHREB/DEgxbl1kmwbvuWINt0CBA4UtrYZ2EswPnOpQ4opA3lNPJTJQ06zSi27yb
sYHzaKunXnvhhs4MQJrGHFZenosnFONRi1//teQjm2REvJbopwX/pp/sSG8u5MU6
u6VNMGGLOBiGa2VBhEp8usQlLN1HxwI5Fytk3GrH+Qc64hV1LYSUTC781GeYPxcG
CVH4al9cz9rtxXSWLrexmbuB4yePcOhDkQiQdkF2ocQbTHUSuiPo1mwIK7fWeLq/
5qhgvm3d/JaEG+7hjaN5
=pD1R
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3703-2
July 04, 2018
libarchive-zip-perl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
Archive Zip module could be made to expose sensitive information
if it received a specially crafted input.
Software Description:
– libarchive-zip-perl: Perl module for manipulation of ZIP archives
Details:
USN-3703-1 fixed a vulnerability in Archive Zip module. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that the Archive Zip module incorrectly handled
certain inputs.
An attacker could possibly use this to access sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
libarchive-zip-perl 1.30-6ubuntu0.1
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3703-2
https://usn.ubuntu.com/usn/usn-3703-1
CVE-2018-10860—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJbPQBpAAoJEEW851uECx9pqxEP/0lZkI0EszaNgeEBpU6vp5te
OgA3t0NofCpL7JavvOoQm9XD1Is47bQwsOXDmyeirhQJ8xTNzYPlV1eidnatWc6q
wlBGPk3Qyl+1WcN1c3yMb8unipzXijTqrwHttKpYfYvz+2uyBeV2c1P1Zd6hnGWr
MgKIsrHUwvh3gMI/YcEeeklfNeOiekUdAjusm4gQE6CJfxdawCG0obzxSo5BsVX0
4aZ1sF3F/WLb2Tr9VcPBUfAR6dj7991vgVkrM4eUSEJp14yOpJj/P9TC0esSsjVQ
ojZ42Eexp7IshnY26iF+I+O58vwZI1eT7wMh/uKh1k703ZVM6vQrc/mDeMSuJ6jn
uMVHCccdB2gyc0tVovQ+7LnEyFMaKtKNoBE54TwUKFiXs9gUcu1cZnCeGH6spsu7
Hx3oVHWjeZ0Cz2oS6H3AnRcqMrcpNTMMN3Fa8+mJxXVIPADl5PkMCEglwz8vpWpd
VrdYd2Y5xdG0WbVM89ZeHio30mMU9Z/gBWHc888mnkqewnurU4WeI8OEcXH7EFE9
q250fkDYe85wHx69Fo4SMcZmbN1u+FwLbR94I/T0j1oWQLuL0d/v7nFwPTFwNIN3
nFIxhxqnTvV2Yo4uOMyLQAIWc3WI8Uwn9uowEIqCsLOjtCYdaKFhKKiuDjIxET2s
JpbbD+mrblbKTSgAfF+m
=6FNG
—–END PGP SIGNATURE—–
—