Bugzilla – Bug 979823
VUL-0: CVE-2016-2335: p7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability
Last modified: 2021-06-07 09:55:21 UTC
CVE-2016-2335: 7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability Described on: http://www.talosintel.com/reports/TALOS-2016-0094/ =========== Tested Versions 7-Zip [32] 15.05 beta 7-Zip [64] 9.20 ^^^^^^-- is in all openSUSE versions, including Tumbleweed. (http://software.opensuse.org/package/p7zip)
bugbot adjusting priority
Fixed in 7-Zip 16.00 (2016-05-10) Patch: https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/#1dba (In reply to Mikhail Kasimov from comment #0) > 7-Zip [64] 9.20 > ^^^^^^-- is in all openSUSE version, including Tumbleweed. Please note that we have version 15.14.1 in Tumbleweed [1]. The fix is already on the way to Factory [2]. [1] https://build.opensuse.org/package/show/openSUSE:Factory/p7zip [2] https://build.opensuse.org/request/show/395152
Summary of the submissions: | Codestream | Version | Affected | Request # | |--------------------|---------|----------|-----------| | SUSE:SLE-12:Update | 9.20.1 | yes | #115117 | | openSUSE:13.2 | 9.20.1 | yes | #397731 | | openSUSE:Leap:42.1 | 9.20.1 | yes | via SLE12 | | openSUSE:Factory | 15.14.1 | yes | #395152 | All done, reassigning to the security team.
This is an autogenerated message for OBS integration: This bug (979823) was mentioned in https://build.opensuse.org/request/show/397731 13.2 / p7zip
openSUSE-SU-2016:1464-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 979823 CVE References: CVE-2016-2335 Sources used: openSUSE 13.2 (src): p7zip-9.20.1-12.6.1
SUSE-SU-2016:1593-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 979823 CVE References: CVE-2016-2335 Sources used: SUSE Linux Enterprise Server 12-SP1 (src): p7zip-9.20.1-6.1 SUSE Linux Enterprise Server 12 (src): p7zip-9.20.1-6.1 SUSE Linux Enterprise Desktop 12-SP1 (src): p7zip-9.20.1-6.1 SUSE Linux Enterprise Desktop 12 (src): p7zip-9.20.1-6.1
rekleased
openSUSE-SU-2016:1675-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 979823 CVE References: CVE-2016-2335 Sources used: openSUSE Leap 42.1 (src): p7zip-9.20.1-15.1
This is an autogenerated message for OBS integration: This bug (979823) was mentioned in https://build.opensuse.org/request/show/412356 13.1 / p7zip
openSUSE-SU-2016:1850-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 979823 CVE References: CVE-2016-2335 Sources used: openSUSE 13.1 (src): p7zip-9.20.1-10.6.1