
[SECURITY] [DLA 510-1] p7zip security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : p7zip
Version        : 9.20.1~dfsg.1-4+deb7u2
CVE ID         : CVE-2016-2335
Debian Bug     : 824160

Marcin 'Icewall' Noga of Cisco Talos discovered an out-of-bounds read
vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr
file archiver with high compression ratio. A remote attacker can take
advantage of this flaw to cause a denial of service or, potentially, the
execution of arbitrary code with the privileges of the user running
p7zip, if a specially crafted UDF file is processed.

For Debian 7 "Wheezy", this problem has been fixed in version
9.20.1~dfsg.1-4+deb7u2.

We recommend that you upgrade your p7zip packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -- 
Brian May <bam@debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

