Bug 46245

Summary: p7zip: Multiple issues (4.2)
Product: UCS Reporter: Philipp Hahn <hahn>
Component: Security updatesAssignee: Philipp Hahn <hahn>
Status: CLOSED FIXED QA Contact: Stefan Gohmann <gohmann>
Severity: normal    
Priority: P3 CC: gohmann
Version: UCS 4.2   
Target Milestone: UCS 4.2-3-errata   
Hardware: All   
OS: Linux   
What kind of report is it?: Security Issue What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) NVD

Description Philipp Hahn univentionstaff 2018-02-07 15:51:46 CET 
New Debian p7zip 9.20.1~dfsg.1-4.A~4.2.3.201802061643 fixes:
This update addresses the following issues:
* The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp allows remote
  attackers to cause a denial of service (out-of-bounds read) or execute
  arbitrary code via the PartitionRef field in the Long Allocation Descriptor
  in a UDF file. (CVE-2016-2335)
* Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal
  method allows remote attackers to cause a denial of service (out-of-bounds
  write) or potentially execute arbitrary code via a crafted ZIP archive.
  (CVE-2017-17969)
* p7zip allows remote attackers to write to arbitrary files via a symlink
  attack in an archive. (CVE-2015-1038)

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
Comment 1 Philipp Hahn univentionstaff 2018-02-07 15:55:26 CET 
0d5f2f6d92 Bug #46245: p7zip_9.20.1~dfsg.1-4
Comment 2 Stefan Gohmann univentionstaff 2018-02-14 06:21:41 CET 
YAML: OK

Build: OK (No patches, the package needed to be build since the Debian package version is too low)

Tests: OK - installation works
Comment 3 Arvid Requate univentionstaff 2018-02-14 13:31:54 CET 
<http://errata.software-univention.de/ucs/4.2/302.html>