[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3599-1] p7zip security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3599-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 09, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : p7zip
CVE ID         : CVE-2016-2335
Debian Bug     : 824160

Marcin 'Icewall' Noga of Cisco Talos discovered an out-of-bound read
vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr
file archiver with high compression ratio. A remote attacker can take
advantage of this flaw to cause a denial-of-service or, potentially the
execution of arbitrary code with the privileges of the user running
p7zip, if a specially crafted UDF file is processed.

For the stable distribution (jessie), this problem has been fixed in
version 9.20.1~dfsg.1-4.1+deb8u2.

For the testing distribution (stretch), this problem has been fixed
in version 15.14.1+dfsg-2.

For the unstable distribution (sid), this problem has been fixed in
version 15.14.1+dfsg-2.

We recommend that you upgrade your p7zip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXWYdlAAoJEAVMuPMTQ89EW6wP/37CB1SuykB+dEnUaYNR5gId
fVzPjkFlRTPNsXL3fSNNWXK5wXyys5kyKzLTL2ET92L/7MbjdUNtcSFiMXVCV2Jo
PuQAk6h57pFdpEkQiEn1pnmx+SocTnCdtZ9BE5j8f7Ob6v9Q4fTc5kEJU3xn3aNg
7VCbnb7mYA7jN+Uoy3LwtiSCvoovzWmJvncDNhYdhdS0uZ/IVJ35TpRGXCiRds3d
Ud13K5uSBVVhOhkSbMza+cujloteQytkumXgKu3s2vtgPpasJrQievDBIv+ouQHu
qrqKWoUJyZhsTzKKJUMjCRv3qlsz9k+AtUnCE02Mv2a1FWS7XGwf8O7W7woMElhF
NHsYJcQB69zOMRVx+jO6iqoUX9iopeB7tp/SXNUmdAD3U9qv3XsV+9nN4jqecJYm
Zm6TAOwGK2QHL3xAySUVPyCxVPaC4yqBCiPCushYsq9wJuuCAHBIjFHYXybX70sZ
V+mQvyBK09suDAmaLgpof8RZtMcI7bwN6QqzyIAq8AO3QGJfwEMxqMV4hNIYpoIb
pQjAo759VrSm5zVpHkw+vMekMuiwknZPMQWM49pQ9+6cokRSDOwd2hvDhtN+Un31
xu7ZJmB8N9q63Mbc39lEKDmAhXK9zKt8CfnY7/Q5BP5erWMmkJpuqXVDBlTKsJYH
3/SnDKaC1vmgmHB8P+gz
=ASUx
-----END PGP SIGNATURE-----


Reply to: