Advisories ยป MGASA-2016-0179

Updated libarchive packages fix CVE-2016-1541

Publication date: 18 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1541

Description

Updated libarchive packages fix security vulnerability:

Heap-based buffer overflow in the zip_read_mac_metadata function in
archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote
attackers to execute arbitrary code via crafted entry-size values in a ZIP
archive (CVE-2016-1541).

The libarchive package has been updated to version 3.2.0, fixing this issue
and other bugs.
                

References

SRPMS

5/core