1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4104-1] p7zip security update

    From Salvatore Bonaccorso@1:229/2 to All on Sun Feb 4 21:50:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4104-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 04, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : p7zip
    CVE ID : CVE-2017-17969
    Debian Bug : 888297

    'landave' discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file
    archiver with high compression ratio. A remote attacker can take
    advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running
    p7zip, if a specially crafted shrinked ZIP archive is processed.

    For the oldstable distribution (jessie), this problem has been fixed
    in version 9.20.1~dfsg.1-4.1+deb8u3.

    For the stable distribution (stretch), this problem has been fixed in
    version 16.02+dfsg-3+deb9u1.

    We recommend that you upgrade your p7zip packages.

    For the detailed security status of p7zip please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/p7zip

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlp3b2tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TrkA//VNLdog0TJNf4fHBagj2qd9UFUInov6I6r4Bc0nfuyL66LY57riC8yLnF jiqq3+q86aXqokRO6/enP2v8d4OCS/jcZhMFmg86CE+1em+jBFdUcNijZUzIZjpA pEEbfNCYZ+aOrhDHAZn4HvjCnxRk5zseGmvfCNPtbJOxbeUh5tVcbXy/2768t/v0 s9n9cAI1BsvE/4M6/6PH/HEemJbHQpYUi+cE2WR0GEAszQd4U988Vf4LG/1ZhuN9 /rpfbvDw/OwTYlWFQyvzPl+lnyWrUXgY5EYrhllNXBUFfIzQg+NqlapWj37AR54+ 1UI4FVTjmcio6DYvtCfG704oL2yviKjxPddOSg+nJBuQTOcpskJtQPXHq3k0ELRE vWRehSemSj+XhZI9NV7TQ0n2UQfUQTIK04l2LOxN7Uozf7S6rRe653TFnk4VGsLi 1CQr1ek7YwepfSuaLl2eyUZl6xe3tFIeDtDbTLU9g1Cv8RIlMOU1KiVaSPhfjO/3 Gnx29JzqwM216gQl/8N9SUA7vtZJDbwAwzo/bMDHEpvvoqR4jVEKK4pLRm9UsQyX EKT26ZJqEuegV792xcowNpvn3s2H0TM+3u6DLGHUq2xC2TgsgHYy5zWeDnnx/5R2 yr0F9qPl9kefqabDCM4Tqvu32YYym5UUIqiq+iYQaDwDorDx7Bo=
    =T7ze
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)