[3.1] libarchive: heap-based buffer overflow due to improper input validation (CVE-2016-1541)
A crafted zip file can provide an incorrect compressed size, which may
allow an attacker to place arbitrary code
on the heap and execute it in the context of the current user. The user
must be coerced into unzipping the crafted zip file.
Fixed In Version:
libarchive 3.2.0
References:
http://www.kb.cert.org/vuls/id/862384
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-1541
Fix:
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
(from redmine: issue id 5564, created on 2016-05-13, closed on 2016-06-15)
- Relations:
- parent #5560 (closed)
- Changesets:
- Revision b6e644f4 on 2016-06-14T13:39:21Z:
main/libarchive: security fix (CVE-2016-1541). Fixes #5564
(cherry picked from commit fd77c7aec807195aafce696698671418dff7d932)