Bug 46245 - p7zip: Multiple issues (4.2)
p7zip: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
All Linux
: P3 normal (vote)
: UCS 4.2-3-errata
Assigned To: Philipp Hahn
Stefan Gohmann
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-02-07 15:51 CET by Philipp Hahn
Modified: 2018-02-14 13:31 CET (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) NVD


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2018-02-07 15:51:46 CET
New Debian p7zip 9.20.1~dfsg.1-4.A~4.2.3.201802061643 fixes:
This update addresses the following issues:
* The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp allows remote
  attackers to cause a denial of service (out-of-bounds read) or execute
  arbitrary code via the PartitionRef field in the Long Allocation Descriptor
  in a UDF file. (CVE-2016-2335)
* Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal
  method allows remote attackers to cause a denial of service (out-of-bounds
  write) or potentially execute arbitrary code via a crafted ZIP archive.
  (CVE-2017-17969)
* p7zip allows remote attackers to write to arbitrary files via a symlink
  attack in an archive. (CVE-2015-1038)

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
Comment 1 Philipp Hahn univentionstaff 2018-02-07 15:55:26 CET
0d5f2f6d92 Bug #46245: p7zip_9.20.1~dfsg.1-4
Comment 2 Stefan Gohmann univentionstaff 2018-02-14 06:21:41 CET
YAML: OK

Build: OK (No patches, the package needed to be build since the Debian package version is too low)

Tests: OK - installation works
Comment 3 Arvid Requate univentionstaff 2018-02-14 13:31:54 CET
<http://errata.software-univention.de/ucs/4.2/302.html>