Updated p7zip packages fix security vulnerability
Publication date: 08 Feb 2018Modification date: 08 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17969
Description
Heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted shrinked ZIP archive is processed (CVE-2017-17969).
References
SRPMS
6/core
- p7zip-16.02-2.1.mga6