'landave' discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially, the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted shrinked ZIP archive is processed.

https://www.debian.org/security/2018/dsa-4104
CVE: (none) => CVE-2017-1796
Whiteboard: (none) => MGA6TOO
Summary: p7zip -- security update CVE-2017-17969 => p7zip new security issue CVE-2017-17969
Done for Cauldron and also for mga6!
CC: (none) => geiger.david68210
Thanks!

Advisory:
========================

Updated p7zip package fixes security vulnerability:

Heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially, the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted shrinked ZIP archive is processed (CVE-2017-17969).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969
https://www.debian.org/security/2018/dsa-4104
========================

Updated packages in core/updates_testing:
========================
p7zip-16.02-2.1.mga6

from p7zip-16.02-2.1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)
Assignee: bugsquad => qa-bugs
Version: Cauldron => 6
MGA6-64 on Lenovo B50 Plasma
No installation issues
At CLI:

$ 7z a test *

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=nl_BE.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz (306D4),ASM,AES-NI)

Scanning the drive:
9 files, 7233132 bytes (7064 KiB)

Creating archive: test.7z

Items to compress: 9

Files read from disk: 9
Archive size: 1020803 bytes (997 KiB)
Everything is Ok

Checked with ark that all files were present in test.7z and of correct size.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-64-OK
Advisory committed to svn. Validating the update.
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0123.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
*** Bug 23007 has been marked as a duplicate of this bug. ***
CC: (none) => j.biernacki