ArchLinux: 201806-6: p7zip: arbitrary code execution
Summary
An uninitialized memory security issue has been found in the RAR decoder component of 7-Zip before 18.05, resulting in arbitrary code execution.
Resolution
Upgrade to 16.02-5.
# pacman -Syu "p7zip>=16.02-5"
The problem has been fixed upstream in version 18.05.
References
https://bugs.archlinux.org/task/58907
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
https://landave.io/files/patch_7zip_CVE-2018-10115.txt
https://security.archlinux.org/CVE-2018-10115
Workaround
None.