Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1450 p7zip security update 10 June 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: p7zip Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-2335 Reference: ASB-2016.0056 Original Bulletin: http://www.debian.org/security/2016/dsa-3599 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3599-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 09, 2016 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : p7zip CVE ID : CVE-2016-2335 Debian Bug : 824160 Marcin 'Icewall' Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted UDF file is processed. For the stable distribution (jessie), this problem has been fixed in version 9.20.1~dfsg.1-4.1+deb8u2. For the testing distribution (stretch), this problem has been fixed in version 15.14.1+dfsg-2. For the unstable distribution (sid), this problem has been fixed in version 15.14.1+dfsg-2. We recommend that you upgrade your p7zip packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXWYdlAAoJEAVMuPMTQ89EW6wP/37CB1SuykB+dEnUaYNR5gId fVzPjkFlRTPNsXL3fSNNWXK5wXyys5kyKzLTL2ET92L/7MbjdUNtcSFiMXVCV2Jo PuQAk6h57pFdpEkQiEn1pnmx+SocTnCdtZ9BE5j8f7Ob6v9Q4fTc5kEJU3xn3aNg 7VCbnb7mYA7jN+Uoy3LwtiSCvoovzWmJvncDNhYdhdS0uZ/IVJ35TpRGXCiRds3d Ud13K5uSBVVhOhkSbMza+cujloteQytkumXgKu3s2vtgPpasJrQievDBIv+ouQHu qrqKWoUJyZhsTzKKJUMjCRv3qlsz9k+AtUnCE02Mv2a1FWS7XGwf8O7W7woMElhF NHsYJcQB69zOMRVx+jO6iqoUX9iopeB7tp/SXNUmdAD3U9qv3XsV+9nN4jqecJYm Zm6TAOwGK2QHL3xAySUVPyCxVPaC4yqBCiPCushYsq9wJuuCAHBIjFHYXybX70sZ V+mQvyBK09suDAmaLgpof8RZtMcI7bwN6QqzyIAq8AO3QGJfwEMxqMV4hNIYpoIb pQjAo759VrSm5zVpHkw+vMekMuiwknZPMQWM49pQ9+6cokRSDOwd2hvDhtN+Un31 xu7ZJmB8N9q63Mbc39lEKDmAhXK9zKt8CfnY7/Q5BP5erWMmkJpuqXVDBlTKsJYH 3/SnDKaC1vmgmHB8P+gz =ASUx - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV1oWQ4x+lLeg9Ub1AQiOtRAAoPGnw5JMnN4guVUJYqkPUrtisMmMbUz2 NuJ1ckn2mrguN7M3z3OK28sDW/NunsuxAFgt2RHFC5rRZuk24SRxkpyZ3JPxBMcq 6RrYtsY02745AF4f6XmdZmsbLcmt0VmJ+yl0OfM4xCXEFJyTLrhcRfZn/oLr9tMo 5SaZfQIeh69t+V9zoWpJRqESMsIw8b/2nis09BzknMUeTlw9tDjHDQBit5/Q6XIv aGwCrJD5RToQzkEIpiqz1Xnh7GI3okRVt0YwpMsQaKYKJ9yWm7k1+0CIvKiNfneY 0ikEWD8HB18+6dqAnKCHMn4XF5XjDaW4B5+gUEcZecN1byKDu81da7hZFEip8pJK O+C2AkBIUSsI6UAnKjpjAHlD4Z5gGWzksVcXc7eL5N48G19jozqNthXd/b6NL8Yu akYj5gh3gwJJGGL8hvVE56jvnoijxK3wIm6ni/LmFNRE2RaxGCHBdT5AbgPs8Tvu LlgXFnhoB9WruZ/YyxJx7sctg4RqG8Oc1WTwXFb1AENXk0iciaw6ZlgsR21mJzaq wlmIbaAc22M+QZ4qvFh3VvHm0puPIo92COmv44/+Cut91B2mcm6cGXzA3ClAgRTb kl8SxSomaxpW395SZGkNlaXSGtXvj9KWgYC9o6y1DrZo5Nzz/GNuJpWlFG4HrmOV V5wEmtaxjYI= =MB4J -----END PGP SIGNATURE-----