Debian Security Advisory 3289-1

Debian Security Advisory 3289-1: Posted Jun 15, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3289-1 - Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory.; tags | advisory; systems | linux, debian; advisories | CVE-2015-1038; SHA-256 | 4be0daf5b3f39172c01e0cf01217ee23e5f5eceee2070d75eb05fb357f095125; Download | Favorite | View

Debian Security Advisory 3289-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3289-1                   security@debian.org
https://www.debian.org/security/                            Ben Hutchings
June 15, 2015                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : p7zip
CVE ID         : CVE-2015-1038
Debian Bug     : 774660

Alexander Cherepanov discovered that p7zip is susceptible to a
directory traversal vulnerability.  While extracting an archive, it
will extract symlinks and then follow them if they are referenced in
further entries.  This can be exploited by a rogue archive to write
files outside the current directory.

For the oldstable distribution (wheezy), this problem has been fixed
in version 9.20.1~dfsg.1-4+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 9.20.1~dfsg.1-4.1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 9.20.1~dfsg.1-4.2.

We recommend that you upgrade your p7zip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVfwdnAAoJEAVMuPMTQ89E7nsP/A48ZX8CcFIp18rrQfVlnm7F
eJoczO/lFXnzGuSmpLkgC5T0qWlLQkoi8SwUwH4HlIHrXNTTBMg5OhynxeKzZEXE
GS/m9gyXpQfHOEp4uXLzuF9+GejTucSdolOmbj7ibiSHpvc2/k/vTjBOEz+pFtTU
jElwPO0xk7+vqL30MuOb4z3+ljKiMoKlbEXur0wqQJEASnJR/Y0BBwQVgP6Vomvr
uV5NhnILC7T0dn6W8SCIlH6l+PH3am9ZSU7ZIis34CqJj1/kTidh1Yx08m5VteSk
hcoUpprI9GxBlpAUnZpGeQzNF339q3fu79oqn/QPmN8eS+nxR5iz5LlF3Qkf7uNI
hBBDayoVuXvc+cYnNzbCQlsX1SujRB+T0YY7FmG3lmINsAVhZxPdzb33Y/bz/PTy
aeyPbLV5JRacs6Cf3ohQkx5OLGMWYS68GlYlJ6Vl8nXy3bZQs0SliJ0Yrw8qeN/+
Bs/mCuGwFmAtIil51eO6hgK7DyPmg4F0wQ8cYlDdd+9lwjwpJhsv78HEL9Fwes+0
6TMO+/bklwXl6MXlBRplKgH71qY3TSXLB42b1V8k1WtmvOZabbPR8qGYUyk4KNTl
FRh0tSYLJBNBDKIHbBauzwFDSwt4Nim/f9RvGtzCiaMAmjEnz5lORwDcxOohYGBK
eLbOWitv060If2LLga6c
=/lLN
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 3289-1

Debian Security Advisory 3289-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3289-1

Share This

Debian Security Advisory 3289-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems