Advisories ยป MGASA-2018-0123

Updated p7zip packages fix security vulnerability

Publication date: 08 Feb 2018
Modification date: 08 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17969

Description

Heap-based buffer overflow vulnerability in the
NCompress::NShrink::CDecoder::CodeReal method in p7zip. A remote attacker
can take advantage of this flaw to cause a denial-of-service or,
potentially the execution of arbitrary code with the privileges of the
user running p7zip, if a specially crafted shrinked ZIP archive is
processed (CVE-2017-17969).
                

References

SRPMS

6/core