| Summary: | <app-arch/libarchive-3.1.2-r5: heap-based buffer overflow due to improper input validation (CVE-2016-1541) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | bsd+disabled, ssuominen |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1334211 | ||
| Whiteboard: | A2 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 586182 | ||
| Bug Blocks: | |||
Resolved by revbump to 3.1.2-r5 in 0001631411acdce8a01050c8ff0295825cca626c. Was going to vbump, but since upstream made their first release since 2013 despite active development, a vbump is too much work to expeditiously handle this bug. CVE-2016-1541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1541): Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. Added to existing GLSA request. This issue was resolved and addressed in GLSA 201701-03 at https://security.gentoo.org/glsa/201701-03 by GLSA coordinator Thomas Deutschmann (whissi). |
From ${URL} : A vulnerability was found in libarchive. A crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the current user. The user must be coerced into unzipping the crafted zip file. External references: http://www.kb.cert.org/vuls/id/862384 Upstream fix: https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.