Package        : p7zip
Version        : 9.20.1~dfsg.1-4+deb7u2
CVE ID         : CVE-2016-2335
Debian Bug     : 824160

Marcin 'Icewall' Noga of Cisco Talos discovered an out-of-bounds read
vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file
archiver with high compression ratio. A remote attacker can take advantage
of this flaw to cause a denial of service or, potentially, the execution of
arbitrary code with the privileges of the user running p7zip, if a
specially crafted UDF file is processed.

For Debian 7 "Wheezy", these problems have been fixed in version
9.20.1~dfsg.1-4+deb7u2.

We recommend that you upgrade your p7zip packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 
Brian May <b...@debian.org>
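The following is an added example, not part of the advisory or of Debian's tooling: a check for Wheezy hosts whose recorded p7zip version sorts before the fixed version, for use on an inventory export where dpkg itself is not available. It reimplements the Debian Policy version ordering ('~' sorts first, digit runs compare numerically); the inventory format, hostnames and function names are assumptions, and the comparison is only meaningful for Debian 7 "Wheezy" packages.

```python
import re
from itertools import zip_longest

FIXED = "9.20.1~dfsg.1-4+deb7u2"  # fixed version for Debian 7 "Wheezy", from the advisory

def _weight(ch):
    """Sort weight of a non-digit character: '~' < end of string < letters < the rest."""
    if ch in ("", "~"):
        return -1 if ch else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings by the Debian Policy rules."""
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                       fillvalue=("", ""))
    for (text_a, num_a), (text_b, num_b) in runs:
        # Non-digit runs compare character by character; a shorter run is padded with "".
        for k in range(max(len(text_a), len(text_b))):
            wa, wb = _weight(text_a[k:k + 1]), _weight(text_b[k:k + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        na, nb = int(num_a or 0), int(num_b or 0)  # digit runs compare numerically
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into its three fields."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def hosts_needing_upgrade(inventory, fixed=FIXED):
    """Names of hosts whose recorded p7zip version sorts before the fixed one."""
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {"build01": "9.20.1~dfsg.1-4", "mail02": "9.20.1~dfsg.1-4+deb7u1",
          "web03": "9.20.1~dfsg.1-4+deb7u2", "db04": "9.20.1~dfsg.1-4+deb7u10"}
print(hosts_needing_upgrade(SAMPLE))
```

A plain string comparison would misorder `+deb7u10` against `+deb7u2`, which is why the digit runs are compared as integers.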