ArchLinux: 201604-8: lhasa: arbitrary code execution
Summary
An exploitable integer underflow exists during calculation size for all
headers in decode_level3_header function of Lhasa (lha) application.
Smaller value of header_len than LEVEL_3_HEADER_LEN ( 32 ) cause during
subtraction integer underflow and lead later to memory corruption via
heap based buffer overflow.
Resolution
Upgrade to 0.3.1-1.
# pacman -Syu "lhasa>=0.3.1-1"
The problems has been fixed upstream in version 0.3.1
References
https://talosintelligence.com/vulnerability_reports/TALOS-2016-0095/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2347
Workaround
None.