ASA-201806-6 log original external raw
| [ASA-201806-6] p7zip: arbitrary code execution |
|---|
|
Arch Linux Security Advisory ASA-201806-6
=========================================
Severity: Critical
Date : 2018-06-09
CVE-ID : CVE-2018-10115
Package : p7zip
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-714
Summary
=======
The package p7zip before version 16.02-5 is vulnerable to arbitrary
code execution.
Resolution
==========
Upgrade to 16.02-5.
# pacman -Syu "p7zip>=16.02-5"
The problem has been fixed upstream but no release is available yet.
Workaround
==========
None.
Description
===========
An uninitialized memory security issue has been found in the RAR
decoder component of 7-Zip before 18.05, resulting in arbitrary code
execution.
Impact
======
A remote attacker can execute arbitrary code via a crafted RAR file.
References
==========
https://bugs.archlinux.org/task/58907
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
https://landave.io/files/patch_7zip_CVE-2018-10115.txt
https://security.archlinux.org/CVE-2018-10115
|