[SECURITY] [DLA 1268-1] p7zip security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1268-1] p7zip security update
From: Antoine Beaupré <anarcat@debian.org>
Date: Fri, 2 Feb 2018 10:52:10 -0500
Message-id: <[🔎] 20180202155210.7ivnhmbuhqe4jfmj@curie.anarc.at>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : p7zip
Version        : 9.20.1~dfsg.1-4+deb7u3
CVE ID         : CVE-2017-17969
Debian Bug     : 888297

The p7zip package has a heap-based buffer overflow in the
NCompress::NShrink::CDecoder::CodeReal method in 7-Zip which allows
remote attackers to cause a denial of service (out-of-bounds write) or
potentially execute arbitrary code via a crafted ZIP archive.

For Debian 7 "Wheezy", these problems have been fixed in version
9.20.1~dfsg.1-4+deb7u3.

We recommend that you upgrade your p7zip packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 1267-1] squid security update
Next by Date: [SECURITY] [DLA 1269-1] dokuwiki security update
Previous by thread: [SECURITY] [DLA 1267-1] squid security update
Next by thread: [SECURITY] [DLA 1269-1] dokuwiki security update
Index(es):
- Date
- Thread