Description
Security update for p7zip
This update for p7zip fixes the following issues:
- CVE-2023-52168: Fixed heap-based buffer overflow in the NTFS handler that allows two bytes to be overwritten at multiple offsets (bsc#1227358)
- CVE-2023-52169: Fixed out-of-bounds read in NTFS handler (bsc#1227359)
Package list
SUSE Linux Enterprise Server 12 SP5
p7zip-9.20.1-7.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
p7zip-9.20.1-7.6.1
References
- Link for SUSE-SU-2024:2475-1
- E-Mail link for SUSE-SU-2024:2475-1
- SUSE Security Ratings
- SUSE Bug 1227358
- SUSE Bug 1227359
- SUSE CVE CVE-2023-52168 page
- SUSE CVE CVE-2023-52169 page
Description
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
Affected products
SUSE Linux Enterprise Server 12 SP5:p7zip-9.20.1-7.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:p7zip-9.20.1-7.6.1
References
- CVE-2023-52168
- SUSE Bug 1227358
Description
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.
Affected products
SUSE Linux Enterprise Server 12 SP5:p7zip-9.20.1-7.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:p7zip-9.20.1-7.6.1
References
- CVE-2023-52169
- SUSE Bug 1227359