*** This bug is a security vulnerability *** Public security bug reported:
In 7z, multiple security vulnerabilites were discovered, supposedly allowing "in some circumstances … arbitrary code execution": http://www.talosintel.com/reports/TALOS-2016-0093/ p7zip should be updated to include the fixes. Reportedly there is no new release of p7zip yet, so p7zip must be patched manually for now, the patches can be taken from 7zip: https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/ ** Affects: p7zip (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2334 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2335 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1581381 Title: 7z code execution vulnerabilites To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/p7zip/+bug/1581381/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
