Arch Linux Security Advisory ASA-201607-1
=========================================

Severity: Critical
Date    : 2016-07-05
CVE-ID  : CVE-2016-1541
Package : libarchive
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package libarchive before version 3.2.0-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 3.2.0-1.

# pacman -Syu "libarchive>=3.2.0-1"

The problem has been fixed upstream in version 3.2.0.

Workaround
==========

None.

Description
===========

A vulnerability was found in libarchive. A specially crafted zip file
can provide an incorrect compressed size, which may allow an attacker to
place arbitrary code on the heap and execute it in the context of the
application.

Impact
======

A remote attacker is able to use a specially crafted zip file that, when
processed, leads to arbitrary code execution.

References
==========

https://github.com/libarchive/libarchive/commit/d0331e8e
https://www.kb.cert.org/vuls/id/862384
https://access.redhat.com/security/cve/CVE-2016-1541
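
The Description attributes the flaw to a zip entry that declares an incorrect compressed size. The Python check below is an added example, not part of this advisory or of libarchive: it flags entries whose size fields disagree between the local header and the central directory. Treating that disagreement as a triage signal is an assumption made here, not the exact trigger condition of CVE-2016-1541, and the function names and sample archive are constructed.

```python
import io
import struct
import zipfile

LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")  # 30-byte zip local file header


def size_mismatches(data: bytes):
    """Return (entry name, reason) for entries with inconsistent size fields."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            raw = data[info.header_offset:info.header_offset + LOCAL_HEADER.size]
            if len(raw) < LOCAL_HEADER.size or raw[:4] != b"PK\x03\x04":
                findings.append((info.filename, "local header missing"))
                continue
            (_, _, flags, _, _, _, _,
             csize, usize, _, _) = LOCAL_HEADER.unpack(raw)
            # Bit 3: sizes live in a trailing data descriptor, header holds 0.
            # 0xFFFFFFFF: ZIP64, real sizes live in the extra field.
            deferred = bool(flags & 0x08) or 0xFFFFFFFF in (csize, usize)
            if not deferred and csize != info.compress_size:
                findings.append((info.filename, "compressed size differs"))
            if not deferred and usize != info.file_size:
                findings.append((info.filename, "uncompressed size differs"))
            # A stored, unencrypted entry must have equal sizes.
            if (info.compress_type == zipfile.ZIP_STORED and not flags & 0x01
                    and info.compress_size != info.file_size):
                findings.append((info.filename, "stored entry sizes differ"))
    return findings


def build_sample(tamper: bool) -> bytes:
    """Constructed sample: one stored entry; optionally corrupt its local size."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", b"hello world")
    data = bytearray(buf.getvalue())
    if tamper:
        # Offset 18 of the first local header is the compressed-size field.
        struct.pack_into("<I", data, 18, 0x1000)
    return bytes(data)


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)),
                        ("tampered", build_sample(True))):
        print(label, size_mismatches(blob))
```

A clean result from this check is not a substitute for upgrading to 3.2.0-1.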