Arch Linux: ASA-201806-6 Critical: p7zip Remote Code Execution
Jun 10, 2018
•
LinuxSecurity Advisories
1 min read
The package p7zip before version 16.02-5 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201806-6 ======================================== Severity: Critical Date : 2018-06-09 CVE-ID : CVE-2018-10115 Package : p7zip Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-714 Summary ====== The package p7zip before version 16.02-5 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 16.02-5. # pacman -Syu "p7zip>=16.02-5" The problem has been fixed upstream in version 18.05. Workaround ========= None. Description ========== An uninitialized memory security issue has been found in the RAR decoder component of 7-Zip before 18.05, resulting in arbitrary code execution. Impact ===== A remote attacker can execute arbitrary code via a crafted RAR file. References ========= https://bugs.archlinux.org/task/58907 https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/ https://landave.io/files/patch_7zip_CVE-2018-10115.txt https://security.archlinux.org/CVE-2018-10115
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!