========================================================================== Ubuntu Security Notice USN-7030-1 September 24, 2024
py7zr vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: py7zr could be made to create arbitrary files when extracting the contents of a specially crafted 7z archive. Software Description: - py7zr: Pure Python 7-zip library Details: It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS python3-py7zr 0.11.3+dfsg-4ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7030-1 CVE-2022-44900 Package Information: https://launchpad.net/ubuntu/+source/py7zr/0.11.3+dfsg-4ubuntu0.1
OpenPGP_signature.asc
Description: OpenPGP digital signature
