Description
Security update for p7zip
This update for p7zip fixes the following issues:
Security issues fixed:
- CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650)
- CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725)
- CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
References
- Link for SUSE-SU-2018:0464-1
- E-Mail link for SUSE-SU-2018:0464-1
- SUSE Security Ratings
- SUSE Bug 1077724
- SUSE Bug 1077725
- SUSE Bug 1077978
- SUSE Bug 984650
- SUSE CVE CVE-2016-1372 page
- SUSE CVE CVE-2017-17969 page
- SUSE CVE CVE-2018-5996 page
Description
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.
Affected products
References
- CVE-2016-1372
- SUSE Bug 984650
Description
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
Affected products
References
- CVE-2017-17969
- SUSE Bug 1077725
Description
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Affected products
References
- CVE-2018-5996
- SUSE Bug 1077724