Advisories » MGASA-2016-0179

Updated libarchive packages fix CVE-2016-1541

Publication date: 18 May 2016
Modification date: 18 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1541

Description

Updated libarchive packages fix security vulnerability:

Heap-based buffer overflow in the zip_read_mac_metadata function in
archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote
attackers to execute arbitrary code via crafted entry-size values in a ZIP
archive (CVE-2016-1541).

The libarchive package has been updated to version 3.2.0, fixing this issue
and other bugs.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18420
• https://groups.google.com/forum/#!topic/libarchive-announce/qdeGf_DRvN4
• https://www.debian.org/security/2016/dsa-3574
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541

SRPMS

5/core

• libarchive-3.2.0-1.mga5