Security update for p7zip
This update for p7zip fixes the following security issues:
- CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650)
- CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725)
- CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Kristyna Streitova (kstreitova)
Fixed bugs
bnc#1077978
p7zip contains non-free unrar code
bnc#984650
VUL-0: CVE-2016-1372: clamav,p7zip: Multiple vulnerabilities when processing crafted 7z files
bnc#1077725
VUL-0: CVE-2017-17969: p7zip: heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp can allow an attacker to write arbitrary data and cause a crash
bnc#1077724
VUL-0: CVE-2018-5996: p7zip: memory corruption in RAR decompression
