| Errata ID | 302 |
|---|---|
| Date | 2018-02-14 |
| Source package | p7zip |
| Fixed in version | 9.20.1~dfsg.1-4.A~4.2.3.201802061643 |
| Description | This update addresses the following issues: * The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file. (CVE-2016-2335) * Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. (CVE-2017-17969) * p7zip allows remote attackers to write to arbitrary files via a symlink attack in an archive. (CVE-2015-1038) |
| Additional notes | |
| CVE ID | CVE-2016-2335 CVE-2017-17969 CVE-2015-1038 |
| UCS Bug number | #46245 |
