Advisories » MGASA-2018-0123

Updated p7zip packages fix security vulnerability

Publication date: 08 Feb 2018
Modification date: 08 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17969

Description

Heap-based buffer overflow vulnerability in the
NCompress::NShrink::CDecoder::CodeReal method in p7zip. A remote attacker
can take advantage of this flaw to cause a denial-of-service or,
potentially the execution of arbitrary code with the privileges of the
user running p7zip, if a specially crafted shrinked ZIP archive is
processed (CVE-2017-17969).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22523
• https://www.debian.org/security/2018/dsa-4104
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969

SRPMS

6/core

• p7zip-16.02-2.1.mga6