MGASA-2015-0252

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0252.html

Import Source

https://advisories.mageia.org/MGASA-2015-0252.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0252

Related

CVE-2015-1038

Published

2015-07-01T12:40:22Z

Modified

2015-07-09T07:56:53Z

Summary

Updated p7zip package fixes security vulnerability

Details

Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory (CVE-2015-1038).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / p7zip

Package

Name: p7zip
Purl: pkg:rpm/mageia/p7zip?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.20.1-4.1.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / p7zip

Package

Name: p7zip
Purl: pkg:rpm/mageia/p7zip?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.20.1-6.1.mga5

Ecosystem specific

{
    "section": "core"
}