[arch-security] [ASA-201607-1] libarchive: arbitrary code execution
anthraxx at archlinux.org
Tue Jul 5 19:23:30 UTC 2016
Arch Linux Security Advisory ASA-201607-1
Date : 2016-07-05
CVE-ID : CVE-2016-1541
Package : libarchive
Type : arbitrary code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package libarchive before version 3.2.0-1 is vulnerable to
arbitrary code execution.
Upgrade to 3.2.0-1.
# pacman -Syu "libarchive>=3.2.0-1"
The problem has been fixed upstream in version 3.2.0.
A vulnerability was found in libarchive. A specially crafted zip file
can provide an incorrect compressed size, which may allow an attacker
to place arbitrary code on the heap and execute it in the context of
A remote attacker is able to use a specially crafted zip file that,
when processed, leads to arbitrary code execution.
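The description above says the crafted zip file declares an incorrect compressed size. As an added example (not part of the advisory, and not libarchive's fix), this Python pre-filter flags central-directory entries whose declared compressed size is inconsistent with the rest of the archive. The function names and the sample archive are constructed for illustration; ZIP64 and multi-disk archives are assumed absent and are not handled.

```python
import io
import struct
import zipfile

EOCD_SIG, CEN_SIG, LOC_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"

def suspicious_entries(data: bytes):
    """Return (name, reason) pairs for entries with inconsistent declared sizes."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    count, _cd_size, cd_off = struct.unpack_from("<HII", data, eocd + 10)
    findings, pos = [], cd_off
    for _ in range(count):
        if pos + 46 > len(data) or data[pos:pos + 4] != CEN_SIG:
            raise ValueError("corrupt central directory")
        (flags, method, _time, _date, _crc, csize, usize,
         nlen, elen, clen) = struct.unpack_from("<HHHHIIIHHH", data, pos + 8)
        (loc_off,) = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        # Stored (method 0), unencrypted data is copied verbatim, so both
        # declared sizes must match.
        if method == 0 and not flags & 1 and csize != usize:
            findings.append((name, "stored entry: compressed != uncompressed size"))
        # The declared compressed data must end before the central directory.
        if loc_off + 30 > len(data) or data[loc_off:loc_off + 4] != LOC_SIG:
            findings.append((name, "bad local header offset"))
        else:
            l_nlen, l_elen = struct.unpack_from("<HH", data, loc_off + 26)
            if loc_off + 30 + l_nlen + l_elen + csize > cd_off:
                findings.append((name, "compressed size overruns archive data"))
        pos += 46 + nlen + elen + clen
    return findings

def build_sample(tamper: bool) -> bytes:
    """Constructed sample: a one-file stored ZIP, optionally with a forged size."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("note.txt", b"hello")
    raw = bytearray(buf.getvalue())
    if tamper:
        # Overwrite the central-directory compressed-size field (offset 20).
        struct.pack_into("<I", raw, raw.find(CEN_SIG) + 20, 4096)
    return bytes(raw)

if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("tampered", build_sample(True))):
        print(label, suspicious_entries(blob))
```

A check like this can quarantine malformed archives before they reach an unpatched parser, but it does not replace the upgrade to 3.2.0-1.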