drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in p7zip
Name: |
Ausführen beliebiger Kommandos in p7zip |
|
ID: |
DSA-3599-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian jessie, Debian stretch |
|
Datum: |
Do, 9. Juni 2016, 18:45 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2335 |
|
Applikationen: |
7-zip |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3599-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 09, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : p7zip CVE ID : CVE-2016-2335 Debian Bug : 824160
Marcin 'Icewall' Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted UDF file is processed.
For the stable distribution (jessie), this problem has been fixed in version 9.20.1~dfsg.1-4.1+deb8u2.
For the testing distribution (stretch), this problem has been fixed in version 15.14.1+dfsg-2.
For the unstable distribution (sid), this problem has been fixed in version 15.14.1+dfsg-2.
We recommend that you upgrade your p7zip packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJXWYdlAAoJEAVMuPMTQ89EW6wP/37CB1SuykB+dEnUaYNR5gId fVzPjkFlRTPNsXL3fSNNWXK5wXyys5kyKzLTL2ET92L/7MbjdUNtcSFiMXVCV2Jo PuQAk6h57pFdpEkQiEn1pnmx+SocTnCdtZ9BE5j8f7Ob6v9Q4fTc5kEJU3xn3aNg 7VCbnb7mYA7jN+Uoy3LwtiSCvoovzWmJvncDNhYdhdS0uZ/IVJ35TpRGXCiRds3d Ud13K5uSBVVhOhkSbMza+cujloteQytkumXgKu3s2vtgPpasJrQievDBIv+ouQHu qrqKWoUJyZhsTzKKJUMjCRv3qlsz9k+AtUnCE02Mv2a1FWS7XGwf8O7W7woMElhF NHsYJcQB69zOMRVx+jO6iqoUX9iopeB7tp/SXNUmdAD3U9qv3XsV+9nN4jqecJYm Zm6TAOwGK2QHL3xAySUVPyCxVPaC4yqBCiPCushYsq9wJuuCAHBIjFHYXybX70sZ V+mQvyBK09suDAmaLgpof8RZtMcI7bwN6QqzyIAq8AO3QGJfwEMxqMV4hNIYpoIb pQjAo759VrSm5zVpHkw+vMekMuiwknZPMQWM49pQ9+6cokRSDOwd2hvDhtN+Un31 xu7ZJmB8N9q63Mbc39lEKDmAhXK9zKt8CfnY7/Q5BP5erWMmkJpuqXVDBlTKsJYH 3/SnDKaC1vmgmHB8P+gz =ASUx -----END PGP SIGNATURE-----
|
|
|
|