What Are You Looking For?

Sign Up
MGASA-2021-0305 - Updated p7zip package fixes security vulnerabilities

Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0305.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-3465

In p7zip-17.03, the function NCompress::CCopyCoder::Code in
CPP/7zip/Common/StreamObjects.cpp will call outStream->Write where a memcpy
uses a NULL pointer as destination address, leading to a crash (CVE-2021-3465).

Null pointer dereference in function Reserve() found in p7zip 16.02
(rhbz#1951218).

Null Pointer Dereference  in function NArchive::NLzh::CItem::GetUnixTime found
in p7zip 16.02 (rhbz#1951224).

The p7zip package has been patched to fix these issues.

Also, the Mageia 7 package has been updated to version 17.03.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28903
- https://github.com/jinfeihan57/p7zip/releases
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OQBZYFULI5NBGLWDHKHSVMRMYNY2XC5Q/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OJQ6YRT2OALFI2LGZSLJD5T74MV6PJ7V/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3465

SRPMS:
- 8/core/p7zip-17.03-1.1.mga8
- 7/core/p7zip-17.03-1.1.mga7

Mageia 2021-0305: p7zip security update

In p7zip-17.03, the function NCompress::CCopyCoder::Code in CPP/7zip/Common/StreamObjects.cpp will call outStream->Write where a memcpy uses a NULL pointer as destination address, ...

Summary

In p7zip-17.03, the function NCompress::CCopyCoder::Code in CPP/7zip/Common/StreamObjects.cpp will call outStream->Write where a memcpy uses a NULL pointer as destination address, leading to a crash (CVE-2021-3465).
Null pointer dereference in function Reserve() found in p7zip 16.02 (rhbz#1951218).
Null Pointer Dereference in function NArchive::NLzh::CItem::GetUnixTime found in p7zip 16.02 (rhbz#1951224).
The p7zip package has been patched to fix these issues.
Also, the Mageia 7 package has been updated to version 17.03.

References

- https://bugs.mageia.org/show_bug.cgi?id=28903

- https://github.com/jinfeihan57/p7zip/releases

- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OQBZYFULI5NBGLWDHKHSVMRMYNY2XC5Q/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OJQ6YRT2OALFI2LGZSLJD5T74MV6PJ7V/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3465

Resolution

MGASA-2021-0305 - Updated p7zip package fixes security vulnerabilities

SRPMS

- 8/core/p7zip-17.03-1.1.mga8

- 7/core/p7zip-17.03-1.1.mga7

Severity
Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0305.html
Type: security
CVE: CVE-2021-3465

Related News

Latest Release of EuroLinux Desktop – What Will We Find in Version 9.1?

Apr 2, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo