Headline
CVE-2023-30571: libarchive-announce - Google Groups
Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.
0 selected
mar…@matuska.org
8/23/21
libarchive 3.5.2 released
Libarchive 3.5.2 is a feature and security release. Source release: https://libarchive.org/downloads/
unread,
libarchive 3.5.2 released
Libarchive 3.5.2 is a feature and security release. Source release: https://libarchive.org/downloads/
8/23/21
mar…@matuska.org
12/26/20
libarchive 3.5.1 released
Libarchive 3.5.1 is now available at: https://libarchive.org/downloads/libarchive-3.5.1.tar.xz https:
unread,
libarchive 3.5.1 released
Libarchive 3.5.1 is now available at: https://libarchive.org/downloads/libarchive-3.5.1.tar.xz https:
12/26/20
Martin Matuska
5/21/20
libarchive 3.4.3 released
Libarchive 3.4.3 is now available at: https://libarchive.org/downloads/libarchive-3.4.3.tar.xz https:
unread,
libarchive 3.4.3 released
Libarchive 3.4.3 is now available at: https://libarchive.org/downloads/libarchive-3.4.3.tar.xz https:
5/21/20
Tim Kientzle
12/23/17
bsdtar on Windows!
Thought folks might find this interesting: bsdtar is now the standard tar implementation for the
unread,
bsdtar on Windows!
Thought folks might find this interesting: bsdtar is now the standard tar implementation for the
12/23/17
Tim Kientzle
3/2/17
Libarchive 3.3.1 feature and security release
Libarchive 3.3.1 is now available at https://libarchive.org/downloads/libarchive-3.3.1.tar.gz https:/
unread,
Libarchive 3.3.1 feature and security release
Libarchive 3.3.1 is now available at https://libarchive.org/downloads/libarchive-3.3.1.tar.gz https:/
3/2/17
Tim Kientzle
6/20/16
Libarchive 3.2.1 Security Release
Libarchive 3.2.1 is now available at https://libarchive.org/downloads/libarchive-3.2.1.tar.gz
unread,
Libarchive 3.2.1 Security Release
Libarchive 3.2.1 is now available at https://libarchive.org/downloads/libarchive-3.2.1.tar.gz
6/20/16
Tim Kientzle2
5/1/16
Libarchive 3.2.0 released
Revised: I omitted the download link in the initial announcement email. Libarchive 3.2.0 is a feature
unread,
Libarchive 3.2.0 released
Revised: I omitted the download link in the initial announcement email. Libarchive 3.2.0 is a feature
5/1/16
Andres Mejia
2/9/13
Libarchive 3.1.2 Released
Libarchive 3.1.2 is now available. http://www.libarchive.org/downloads/libarchive-3.1.2.tar.gz http:/
unread,
Libarchive 3.1.2 Released
Libarchive 3.1.2 is now available. http://www.libarchive.org/downloads/libarchive-3.1.2.tar.gz http:/
2/9/13
Andres Mejia
1/14/13
Libarchive 3.1.1 Released
Libarchive 3.1.1 is now available. https://github.com/libarchive/libarchive/tree/v3.1.1 This is a
unread,
Libarchive 3.1.1 Released
Libarchive 3.1.1 is now available. https://github.com/libarchive/libarchive/tree/v3.1.1 This is a
1/14/13
Andres Mejia
1/14/13
Libarchive 3.1 Released
Libarchive 3.1.0 is now available. https://github.com/libarchive/libarchive/tree/v3.1.0 There has
unread,
Libarchive 3.1 Released
Libarchive 3.1.0 is now available. https://github.com/libarchive/libarchive/tree/v3.1.0 There has
1/14/13
Andres Mejia
2/25/12
libarchive Migration to Git
libarchive has been converted to git. All further development of libarchive is now done via git from
unread,
libarchive Migration to Git
libarchive has been converted to git. All further development of libarchive is now done via git from
2/25/12
Tim Kientzle
1/13/12
Libarchive 3.0 Available
Libarchive 3.0 is now available from http://libarchive.googlecode.com/ The major version change
unread,
Libarchive 3.0 Available
Libarchive 3.0 is now available from http://libarchive.googlecode.com/ The major version change
1/13/12
Tim Kientzle
9/3/11
Libarchive 2.8.5 available
Libarchive 2.8.5 is the latest release in the libarchive 2.8 branch. This includes a number of bug
unread,
Libarchive 2.8.5 available
Libarchive 2.8.5 is the latest release in the libarchive 2.8 branch. This includes a number of bug
9/3/11
Tim Kientzle
2/5/10
libarchive 2.8.0 available
I’ve just posted the official libarchive 2.8.0 release at http://libarchive.googlecode.com/ This
unread,
libarchive 2.8.0 available
I’ve just posted the official libarchive 2.8.0 release at http://libarchive.googlecode.com/ This
2/5/10
Tim Kientzle
4/16/09
Libarchive 2.7.0 Released
I’m pleased to announce that libarchive 2.7.0 is now ready for general use. It can be downloaded
unread,
Libarchive 2.7.0 Released
I’m pleased to announce that libarchive 2.7.0 is now ready for general use. It can be downloaded
4/16/09
Tim Kientzle
4/11/09
Libarchive 2.7 Release Candidate
I’ve just posted libarchive-2.6.992a, which should be the final test release prior to the
unread,
Libarchive 2.7 Release Candidate
I’ve just posted libarchive-2.6.992a, which should be the final test release prior to the
4/11/09
Tim Kientzle
2/27/09
libarchive 2.6.2 available
Libarchive 2.6.2 has a handful of point bug fixes since 2.6.1. You can download it from: http://code.
unread,
libarchive 2.6.2 available
Libarchive 2.6.2 has a handful of point bug fixes since 2.6.1. You can download it from: http://code.
2/27/09
kien…@gmail.com
2/19/09
A few updates…
I’m expecting to cut the first libarchive 2.7 alpha releases in about a month. There’s been
unread,
A few updates…
I’m expecting to cut the first libarchive 2.7 alpha releases in about a month. There’s been
2/19/09
kien…@gmail.com
1/18/09
libarchive-2.6.1 available
Libarchive 2.6.1 is now available for download from http://libarchive.googlecode.com/ This is the
unread,
libarchive-2.6.1 available
Libarchive 2.6.1 is now available for download from http://libarchive.googlecode.com/ This is the
1/18/09