Advisories » MGASA-2015-0252

Updated p7zip package fixes security vulnerability

Publication date: 01 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-1038

Description

Alexander Cherepanov discovered that p7zip is susceptible to a directory
traversal vulnerability. While extracting an archive, it will extract
symlinks and then follow them if they are referenced in further entries.
This can be exploited by a rogue archive to write files outside the
current directory (CVE-2015-1038).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16122
• https://www.debian.org/security/2015/dsa-3289
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1038

SRPMS

4/core

• p7zip-9.20.1-4.1.mga4

5/core

• p7zip-9.20.1-6.1.mga5