[Slackbuilds-users] p7zip vulnerabilities
Willy Sudiarto Raharjo
willysr at slackbuilds.org
Wed Jun 1 00:43:43 UTC 2016
> p7zip 9.20.1 has two security issues:
>
> CVE-2015-1038:
> p7zip 9.20.1 allows remote attackers to write to arbitrary files via a
> symlink attack in an archive.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1038
> https://sourceforge.net/p/p7zip/bugs/147/#2f9c
>
> CVE-2016-2335:
> 7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability
>
> http://www.talosintel.com/reports/TALOS-2016-0094/
> https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/#1dba
>
> The latest p7zip, i.e. 15.14.1, is not affected by CVE-2015-1038, but is
> affected by CVE-2016-2335 and also by CVE-2016-2334.
>
> In attachment, the patches for these issues, and for the slackbuild.
>
> Notes:
>
> p7zip.SlackBuild.patch
> Applies the patches to fix vulnerabilities in p7zip 9.20.1
Applied 9.20.1 patches in my branch
15.14.1 still breaks jalview here
Thanks
--
Willy Sudiarto Raharjo