MGASA-2018-0123

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0123.html

Import Source

https://advisories.mageia.org/MGASA-2018-0123.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0123

Related

CVE-2017-17969

Published

2018-02-08T11:30:47Z

Modified

2018-02-08T10:58:07Z

Summary

Updated p7zip packages fix security vulnerability

Details

Heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted shrinked ZIP archive is processed (CVE-2017-17969).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / p7zip

Package

Name: p7zip
Purl: pkg:rpm/mageia/p7zip?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.02-2.1.mga6

Ecosystem specific

{
    "section": "core"
}