[SECURITY] [DLA 245-1] p7zip security update

2015-06-1418:45:51

lists.debian.org

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

5.9

Confidence

Low

EPSS

0.023

Percentile

90.0%

JSON

Package : p7zip
Version : 9.04~dfsg.1-1+deb6u1
CVE ID : CVE-2015-1038
Debian Bug : 774660

Alexander Cherepanov discovered that p7zip is susceptible to a
directory traversal vulnerability. While extracting an archive, it
will extract symlinks and then follow them if they are referenced in
further entries. This can be exploited by a rogue archive to write
files outside the current directory.

For the oldoldstable distribution (squeeze), this problem has been
fixed in version 9.04~dfsg.1-1+deb6u1.

For the oldstable distribution (wheezy) and stable distribution
(jessie), this problem will be fixed soon.

–
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams

Attachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian7amd64p7zip< 9.20.1~dfsg.1-4+deb7u1p7zip_9.20.1~dfsg.1-4+deb7u1_amd64.deb
Debian7kfreebsd-amd64p7zip< 9.20.1~dfsg.1-4+deb7u1p7zip_9.20.1~dfsg.1-4+deb7u1_kfreebsd-amd64.deb
Debian6allp7zip< 9.04~dfsg.1-1+deb6u1p7zip_9.04~dfsg.1-1+deb6u1_all.deb
Debian7ia64p7zip-full< 9.20.1~dfsg.1-4+deb7u1p7zip-full_9.20.1~dfsg.1-4+deb7u1_ia64.deb
Debian8ppc64elp7zip-full< 9.20.1~dfsg.1-4.1+deb8u1p7zip-full_9.20.1~dfsg.1-4.1+deb8u1_ppc64el.deb
Debian8kfreebsd-amd64p7zip< 9.20.1~dfsg.1-4.1+deb8u1p7zip_9.20.1~dfsg.1-4.1+deb8u1_kfreebsd-amd64.deb
Debian8ppc64elp7zip< 9.20.1~dfsg.1-4.1+deb8u1p7zip_9.20.1~dfsg.1-4.1+deb8u1_ppc64el.deb
Debian7mipselp7zip-full< 9.20.1~dfsg.1-4+deb7u1p7zip-full_9.20.1~dfsg.1-4+deb7u1_mipsel.deb
Debian7mipsp7zip-full< 9.20.1~dfsg.1-4+deb7u1p7zip-full_9.20.1~dfsg.1-4+deb7u1_mips.deb
Debian7kfreebsd-i386p7zip-full< 9.20.1~dfsg.1-4+deb7u1p7zip-full_9.20.1~dfsg.1-4+deb7u1_kfreebsd-i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	p7zip	< 9.20.1~dfsg.1-4+deb7u1	p7zip_9.20.1~dfsg.1-4+deb7u1_amd64.deb
Debian	7	kfreebsd-amd64	p7zip	< 9.20.1~dfsg.1-4+deb7u1	p7zip_9.20.1~dfsg.1-4+deb7u1_kfreebsd-amd64.deb
Debian	6	all	p7zip	< 9.04~dfsg.1-1+deb6u1	p7zip_9.04~dfsg.1-1+deb6u1_all.deb
Debian	7	ia64	p7zip-full	< 9.20.1~dfsg.1-4+deb7u1	p7zip-full_9.20.1~dfsg.1-4+deb7u1_ia64.deb
Debian	8	ppc64el	p7zip-full	< 9.20.1~dfsg.1-4.1+deb8u1	p7zip-full_9.20.1~dfsg.1-4.1+deb8u1_ppc64el.deb
Debian	8	kfreebsd-amd64	p7zip	< 9.20.1~dfsg.1-4.1+deb8u1	p7zip_9.20.1~dfsg.1-4.1+deb8u1_kfreebsd-amd64.deb
Debian	8	ppc64el	p7zip	< 9.20.1~dfsg.1-4.1+deb8u1	p7zip_9.20.1~dfsg.1-4.1+deb8u1_ppc64el.deb
Debian	7	mipsel	p7zip-full	< 9.20.1~dfsg.1-4+deb7u1	p7zip-full_9.20.1~dfsg.1-4+deb7u1_mipsel.deb
Debian	7	mips	p7zip-full	< 9.20.1~dfsg.1-4+deb7u1	p7zip-full_9.20.1~dfsg.1-4+deb7u1_mips.deb
Debian	7	kfreebsd-i386	p7zip-full	< 9.20.1~dfsg.1-4+deb7u1	p7zip-full_9.20.1~dfsg.1-4+deb7u1_kfreebsd-i386.deb