Описание
Security update for p7zip
This update for p7zip fixes the following security issues:
- CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650)
- CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725)
- CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2018:0497-1
- SUSE Security Ratings
Описание
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.
Затронутые продукты
Ссылки
- CVE-2016-1372
- SUSE Bug 984650
Описание
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
Затронутые продукты
Ссылки
- CVE-2017-17969
- SUSE Bug 1077725
Описание
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Затронутые продукты
Ссылки
- CVE-2018-5996
- SUSE Bug 1077724