ArchLinux: 201607-1: libarchive: arbitrary code execution
Summary
A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application.
Resolution
Upgrade to 3.2.0-1.
# pacman -Syu "libarchive>=3.2.0-1"
The problem has been fixed upstream in version 3.2.0.
References
https://github.com/libarchive/libarchive/commit/d0331e8e
https://www.kb.cert.org/vuls/id/862384
https://access.redhat.com/security/cve/CVE-2016-1541
Workaround
None.