PublicDateAtUSN: 2016-05-07
Candidate: CVE-2016-1541
PublicDate: 2016-05-07 10:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541
 http://www.kb.cert.org/vuls/id/862384
 https://ubuntu.com/security/notices/USN-2981-1
Description:
 Heap-based buffer overflow in the zip_read_mac_metadata function in
 archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote
 attackers to execute arbitrary code via crafted entry-size values in a ZIP
 archive.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/libarchive/libarchive/issues/656
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_libarchive:
 upstream: https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
upstream_libarchive: released (3.2.0)
precise_libarchive: not-affected (code not present)
trusty_libarchive: released (3.1.2-7ubuntu2.2)
trusty/esm_libarchive: released (3.1.2-7ubuntu2.2)
vivid/stable-phone-overlay_libarchive: DNE
vivid/ubuntu-core_libarchive: DNE
wily_libarchive: released (3.1.2-11ubuntu0.15.10.1)
xenial_libarchive: released (3.1.2-11ubuntu0.16.04.1)
esm-infra/xenial_libarchive: released (3.1.2-11ubuntu0.16.04.1)
devel_libarchive: released (3.1.2-11ubuntu1)