Mageia alert MGASA-2016-0202 (p7zip)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2016-0202: Updated p7zip packages fix CVE-2016-2335 
Date:
    	       Sun, 22 May 2016 00:11:59 +0200
Message-ID:
    	       <20160521221159.52A219F752@duvel.mageia.org>
MGASA-2016-0202 - Updated p7zip packages fix CVE-2016-2335

Publication date: 21 May 2016
URL: http://advisories.mageia.org/MGASA-2016-0202.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-2335

Description:
Updated p7zip package fixes security vulnerability:

An out of bound read vulnerability exists in the CInArchive::ReadFileItem
method functionality of 7zip for handling UDF files that can lead to denial of
service or code execution (CVE-2016-2335).

References:
- https://bugs.mageia.org/show_bug.cgi?id=18490
- http://www.talosintel.com/reports/TALOS-2016-0094/
- http://blog.talosintel.com/2016/05/multiple-7-zip-vulnera...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2335

SRPMS:
- 5/core/p7zip-9.20.1-6.2.mga5

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2016-0202: Updated p7zip packages fix CVE-2016-2335
Date:		Sun, 22 May 2016 00:11:59 +0200
Message-ID:		<20160521221159.52A219F752@duvel.mageia.org>