# Security update for p7zip

Announcement ID: SUSE-SU-2024:2475-1  
Rating: important  
References:

  * bsc#1227358
  * bsc#1227359

  
Cross-References:

  * CVE-2023-52168
  * CVE-2023-52169

  
CVSS scores:

  * CVE-2023-52168 ( SUSE ):  8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  * CVE-2023-52169 ( SUSE ):  8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

  
  
An update that solves two vulnerabilities can now be installed.

## Description:

This update for p7zip fixes the following issues:

  * CVE-2023-52168: Fixed heap-based buffer overflow in the NTFS handler allows
    two bytes to be overwritten at multiple offsets (bsc#1227358)
  * CVE-2023-52169: Fixed out-of-bounds read in NTFS handler (bsc#1227359)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2475=1

  * SUSE Linux Enterprise Server 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2475=1

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2475=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * p7zip-debugsource-9.20.1-7.6.1
    * p7zip-9.20.1-7.6.1
    * p7zip-debuginfo-9.20.1-7.6.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * p7zip-debugsource-9.20.1-7.6.1
    * p7zip-9.20.1-7.6.1
    * p7zip-debuginfo-9.20.1-7.6.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * p7zip-debugsource-9.20.1-7.6.1
    * p7zip-9.20.1-7.6.1
    * p7zip-debuginfo-9.20.1-7.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-52168.html
  * https://www.suse.com/security/cve/CVE-2023-52169.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1227358
  * https://bugzilla.suse.com/show_bug.cgi?id=1227359

SUSE: 2024:2475-1 important: p7zip Security Advisory Updates

July 15, 2024
* bsc#1227358 * bsc#1227359 Cross-References: * CVE-2023-52168

Summary

## This update for p7zip fixes the following issues: * CVE-2023-52168: Fixed heap-based buffer overflow in the NTFS handler allows two bytes to be overwritten at multiple offsets (bsc#1227358) * CVE-2023-52169: Fixed out-of-bounds read in NTFS handler (bsc#1227359) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2475=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2475=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2475=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * p7zip-debugsource-9.20.1-7.6.1 * p7zip-9.20.1-7.6.1 * p7zip-debuginfo-9.20.1-7.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * p7zip-debugsource-9.20.1-7.6.1 * p7zip-9.20.1-7.6.1 * p7zip-debuginfo-9.20.1-7.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * p7zip-debugsource-9.20.1-7.6.1 * p7zip-9.20.1-7.6.1 * p7zip-debuginfo-9.20.1-7.6.1

References

* bsc#1227358

* bsc#1227359

Cross-

* CVE-2023-52168

* CVE-2023-52169

CVSS scores:

* CVE-2023-52168 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

* CVE-2023-52169 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

##

* https://www.suse.com/security/cve/CVE-2023-52168.html

* https://www.suse.com/security/cve/CVE-2023-52169.html

* https://bugzilla.suse.com/show_bug.cgi?id=1227358

* https://bugzilla.suse.com/show_bug.cgi?id=1227359

Severity
Announcement ID: SUSE-SU-2024:2475-1
Rating: important

Related News

Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
The Anatomy of SLUBStick: Dissecting the Linux Vulnerability That Grants Full System Control
2 - 4 min read
The Linux kernel, the central nervous system of many devices worldwide, interfaces computer hardware and its processes and user processes. Because
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Why Every Business Needs Professional Cybersecurity Services
5 - 10 min read
In modern business, Linux and open-source software form the backbone of countless enterprises, driving the engine behind essential applications and
Exploring AI Integration in Business Operations
3 - 6 min read
Artificial Intelligence in business is slowly becoming the norm and necessary in the competitive struggle. Today, it is a powerful tool for
Navigating the Future of Cybersecurity: Insights & Trends for 2024
4 - 7 min read
In an era where digital transformation is accelerating at an unprecedented pace, cybersecurity has become a critical battleground for businesses and
Tails 6.6 Released: Unpacking Key Features & Updates
2 - 4 min read
Tails (The Amnesic Incognito Live System) offers hope to privacy activists and anyone seeking anonymity online. A live operating system and secure

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved