Security update for libarchive SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1463-1 Final 1 1 2016-06-01T09:37:26Z current 2016-06-01T09:37:26Z 2016-06-01T09:37:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libarchive This update for libarchive fixes the following issue: - Fix a heap-based buffer overflow (CVE-2016-1541, bsc#979005) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html E-Mail link for openSUSE-SU-2016:1463-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 bsdtar-3.1.2-7.8.1 bsdtar-debuginfo-3.1.2-7.8.1 libarchive-3.1.2-7.8.1 libarchive-debugsource-3.1.2-7.8.1 libarchive-devel-3.1.2-7.8.1 libarchive13-3.1.2-7.8.1 libarchive13-32bit-3.1.2-7.8.1 libarchive13-debuginfo-3.1.2-7.8.1 libarchive13-debuginfo-32bit-3.1.2-7.8.1 bsdtar-3.1.2-7.8.1 as a component of openSUSE 13.2 bsdtar-debuginfo-3.1.2-7.8.1 as a component of openSUSE 13.2 libarchive-3.1.2-7.8.1 as a component of openSUSE 13.2 libarchive-debugsource-3.1.2-7.8.1 as a component of openSUSE 13.2 libarchive-devel-3.1.2-7.8.1 as a component of openSUSE 13.2 libarchive13-3.1.2-7.8.1 as a component of openSUSE 13.2 libarchive13-32bit-3.1.2-7.8.1 as a component of openSUSE 13.2 libarchive13-debuginfo-3.1.2-7.8.1 as a component of openSUSE 13.2 libarchive13-debuginfo-32bit-3.1.2-7.8.1 as a component of openSUSE 13.2 Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. CVE-2016-1541 openSUSE 13.2:bsdtar-3.1.2-7.8.1 openSUSE 13.2:bsdtar-debuginfo-3.1.2-7.8.1 openSUSE 13.2:libarchive-3.1.2-7.8.1 openSUSE 13.2:libarchive-debugsource-3.1.2-7.8.1 openSUSE 13.2:libarchive-devel-3.1.2-7.8.1 openSUSE 13.2:libarchive13-3.1.2-7.8.1 openSUSE 13.2:libarchive13-32bit-3.1.2-7.8.1 openSUSE 13.2:libarchive13-debuginfo-3.1.2-7.8.1 openSUSE 13.2:libarchive13-debuginfo-32bit-3.1.2-7.8.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html https://www.suse.com/security/cve/CVE-2016-1541.html CVE-2016-1541 https://bugzilla.suse.com/979005 SUSE Bug 979005