[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 245-1] p7zip security update

Package        : p7zip
Version        : 9.04~dfsg.1-1+deb6u1
CVE ID         : CVE-2015-1038
Debian Bug     : 774660

Alexander Cherepanov discovered that p7zip is susceptible to a
directory traversal vulnerability.  While extracting an archive, it
will extract symlinks and then follow them if they are referenced in
further entries.  This can be exploited by a rogue archive to write
files outside the current directory.

For the oldoldstable distribution (squeeze), this problem has been
fixed in version 9.04~dfsg.1-1+deb6u1.

For the oldstable distribution (wheezy) and stable distribution
(jessie), this problem will be fixed soon.

Ben Hutchings - Debian developer, member of Linux kernel and LTS teams

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: