-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1450
                           p7zip security update
                               10 June 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           p7zip
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2335  

Reference:         ASB-2016.0056

Original Bulletin: 
   http://www.debian.org/security/2016/dsa-3599

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3599-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 09, 2016                         https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : p7zip
CVE ID         : CVE-2016-2335
Debian Bug     : 824160

Marcin 'Icewall' Noga of Cisco Talos discovered an out-of-bound read
vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr
file archiver with high compression ratio. A remote attacker can take
advantage of this flaw to cause a denial-of-service or, potentially the
execution of arbitrary code with the privileges of the user running
p7zip, if a specially crafted UDF file is processed.

For the stable distribution (jessie), this problem has been fixed in
version 9.20.1~dfsg.1-4.1+deb8u2.

For the testing distribution (stretch), this problem has been fixed
in version 15.14.1+dfsg-2.

For the unstable distribution (sid), this problem has been fixed in
version 15.14.1+dfsg-2.

We recommend that you upgrade your p7zip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXWYdlAAoJEAVMuPMTQ89EW6wP/37CB1SuykB+dEnUaYNR5gId
fVzPjkFlRTPNsXL3fSNNWXK5wXyys5kyKzLTL2ET92L/7MbjdUNtcSFiMXVCV2Jo
PuQAk6h57pFdpEkQiEn1pnmx+SocTnCdtZ9BE5j8f7Ob6v9Q4fTc5kEJU3xn3aNg
7VCbnb7mYA7jN+Uoy3LwtiSCvoovzWmJvncDNhYdhdS0uZ/IVJ35TpRGXCiRds3d
Ud13K5uSBVVhOhkSbMza+cujloteQytkumXgKu3s2vtgPpasJrQievDBIv+ouQHu
qrqKWoUJyZhsTzKKJUMjCRv3qlsz9k+AtUnCE02Mv2a1FWS7XGwf8O7W7woMElhF
NHsYJcQB69zOMRVx+jO6iqoUX9iopeB7tp/SXNUmdAD3U9qv3XsV+9nN4jqecJYm
Zm6TAOwGK2QHL3xAySUVPyCxVPaC4yqBCiPCushYsq9wJuuCAHBIjFHYXybX70sZ
V+mQvyBK09suDAmaLgpof8RZtMcI7bwN6QqzyIAq8AO3QGJfwEMxqMV4hNIYpoIb
pQjAo759VrSm5zVpHkw+vMekMuiwknZPMQWM49pQ9+6cokRSDOwd2hvDhtN+Un31
xu7ZJmB8N9q63Mbc39lEKDmAhXK9zKt8CfnY7/Q5BP5erWMmkJpuqXVDBlTKsJYH
3/SnDKaC1vmgmHB8P+gz
=ASUx
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV1oWQ4x+lLeg9Ub1AQiOtRAAoPGnw5JMnN4guVUJYqkPUrtisMmMbUz2
NuJ1ckn2mrguN7M3z3OK28sDW/NunsuxAFgt2RHFC5rRZuk24SRxkpyZ3JPxBMcq
6RrYtsY02745AF4f6XmdZmsbLcmt0VmJ+yl0OfM4xCXEFJyTLrhcRfZn/oLr9tMo
5SaZfQIeh69t+V9zoWpJRqESMsIw8b/2nis09BzknMUeTlw9tDjHDQBit5/Q6XIv
aGwCrJD5RToQzkEIpiqz1Xnh7GI3okRVt0YwpMsQaKYKJ9yWm7k1+0CIvKiNfneY
0ikEWD8HB18+6dqAnKCHMn4XF5XjDaW4B5+gUEcZecN1byKDu81da7hZFEip8pJK
O+C2AkBIUSsI6UAnKjpjAHlD4Z5gGWzksVcXc7eL5N48G19jozqNthXd/b6NL8Yu
akYj5gh3gwJJGGL8hvVE56jvnoijxK3wIm6ni/LmFNRE2RaxGCHBdT5AbgPs8Tvu
LlgXFnhoB9WruZ/YyxJx7sctg4RqG8Oc1WTwXFb1AENXk0iciaw6ZlgsR21mJzaq
wlmIbaAc22M+QZ4qvFh3VvHm0puPIo92COmv44/+Cut91B2mcm6cGXzA3ClAgRTb
kl8SxSomaxpW395SZGkNlaXSGtXvj9KWgYC9o6y1DrZo5Nzz/GNuJpWlFG4HrmOV
V5wEmtaxjYI=
=MB4J
-----END PGP SIGNATURE-----