[Secure-testing-team] Bug#823893: libarchive: CVE-2016-1541
Salvatore Bonaccorso
carnil at debian.org
Tue May 10 04:34:05 UTC 2016
Source: libarchive
Version: 3.1.2-11
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Control: fixed -1 3.2.0-1
Hi,
the following vulnerability was published for libarchive.
CVE-2016-1541[0]:
| Heap-based buffer overflow in the zip_read_mac_metadata function in
| archive_read_support_format_zip.c in libarchive before 3.2.0 allows
| remote attackers to execute arbitrary code via crafted entry-size
| values in a ZIP archive.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-1541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541
[1] https://www.kb.cert.org/vuls/id/862384
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list