Overview

File _patchinfo of Package patchinfo.6679

<patchinfo incident="6679">
  <issue id="1077978" tracker="bnc">p7zip contains non-free unrar code</issue>
  <issue id="984650" tracker="bnc">VUL-0: CVE-2016-1372: clamav,p7zip: Multiple vulnerabilities when processing crafted 7z files</issue>
  <issue id="1077725" tracker="bnc">VUL-0: CVE-2017-17969: p7zip: heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp can allow an attacker to write arbitrary data and cause a crash</issue>
  <issue id="1077724" tracker="bnc">VUL-0: CVE-2018-5996: p7zip: memory corruption in RAR decompression</issue>
  <issue id="2017-17969" tracker="cve" />
  <issue id="2016-1372" tracker="cve" />
  <issue id="2018-5996" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>kstreitova</packager>
  <description>
  
This update for p7zip fixes the following issues:

Security issues fixed:

- CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650)
- CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725)
- CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978)

</description>
  <summary>Security update for p7zip</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places