—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3574-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 10, 2016 https://www.debian.org/security/faq
– ————————————————————————-

Package : libarchive
CVE ID : CVE-2016-1541
Debian Bug : 823893

Rock Stevens, Andrew Ruef and Marcin ‘Icewall’ Noga discovered a
heap-based buffer overflow vulnerability in the zip_read_mac_metadata
function in libarchive, a multi-format archive and compression library,
which may lead to the execution of arbitrary code if a user or automated
system is tricked into processing a specially crafted ZIP file.

For the stable distribution (jessie), this problem has been fixed in
version 3.1.2-11+deb8u1.

We recommend that you upgrade your libarchive packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJXMh7bAAoJEAVMuPMTQ89EpTIP/0NKCwRC0sXwanP4JRS6Bhbn
FByC7rQ7RbLuypcE4W1rojKDsLjqIUIk1pn2ZkVt/FxqkIX+ybQSWm4z8mfO5naS
nZhEJia22G2vqJ0d/PWsBaHr3oZCk+z6XNOLNgyZPldF630TIabkL0/8d2DAQcKC
faokVokCa3vw8Dzd37FQf8DrMeOmak6AIXC69yabGvXs6nYxDDuSiktPekdKidfP
IG9jd9+3cyYVGONIOH1KobnSa7kFy0qy68TwAxYTe8oqATh13pX3WK2yO1ZN36XW
pSd7nZbCcDNjLHTC7Jinbvy55eLXMpV5Hu0QGoOky3ynbFrQXNNoq4YH2+QCGntw
EidYcz0f7xN3vDJdufBj2NJhAE9YaBM709C22t5JJPTsr0gX3X0eMSnsmePwGOB/
xEBuFl46NPrk4ikhtHb3zjAHPbWbYtOqkbqI5L8P/dMElQFA2tQg3UMZX2bg8dzO
ZkLlOQ+BDnLHE3s6pmPv6quyWqYGCT1Z19f3CRIzRnAtiKbFyUJ5QKQPS05EBQ1V
4uV5DdoM0tW2K8oNQfV2LiBx8xUW1ItmmStWTWbs6TJkL22rfF7pxMTVHnvJFvmb
7Uzun6stgkQCoEE+2IzcwG2/aQh+F8uja+ylRwUSHz2Fu4jNevowsOz6wy7LaaPz
5NmzDuq97YhbP+BRgH9P
=yR7s
—–END PGP SIGNATURE—–