ASA-201806-6 generated external raw

[ASA-201806-6] p7zip: arbitrary code execution
Arch Linux Security Advisory ASA-201806-6 ========================================= Severity: Critical Date : 2018-06-09 CVE-ID : CVE-2018-10115 Package : p7zip Type : arbitrary code execution Remote : Yes Link : Summary ======= The package p7zip before version 16.02-5 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 16.02-5. # pacman -Syu "p7zip>=16.02-5" The problem has been fixed upstream in version 18.05. Workaround ========== None. Description =========== An uninitialized memory security issue has been found in the RAR decoder component of 7-Zip before 18.05, resulting in arbitrary code execution. Impact ====== A remote attacker can execute arbitrary code via a crafted RAR file. References ==========