7z code execution vulnerabilities
Bug #1581381 reported by pcworld
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| p7zip (Debian) | Fix Released | Unknown | | |
| p7zip (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
In 7z, multiple security vulnerabilities were discovered, supposedly allowing "in some circumstances … arbitrary code execution": http://
p7zip should be updated to include the fixes. Reportedly there is no new release of p7zip yet, so p7zip must be patched manually for now; the patches can be taken from 7zip: https:/
information type: Private Security → Public Security
Changed in p7zip (Ubuntu):
importance: Undecided → Medium
Changed in p7zip (Debian):
status: Unknown → Fix Released
description: updated
tags: added: vivid
This bug was fixed in the package p7zip (15.14.1+dfsg-2)
---
p7zip (15.14.1+dfsg-2) unstable; urgency=high
  * Fix the heap buffer overflow in HFS handler (CVE-2016-2334) and
    out of bounds read in UDF handler (CVE-2016-2335) using patches from
    https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
    (closes: #824160).
-- Robert Luberda <email address hidden> Sun, 15 May 2016 11:35:38 +0200