Tuesday, April 15, 2025

[USN-7438-1] 7-Zip vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmf+sBQFAwAAAAAACgkQ8pSCVQZYHygu
rA//WZGoJDxKFcelVZ/Mv4G4Lzf7ewS3SOZjIarpXyeWAw6k/JlZXY0gZRtFe6EidbbRIzgzRFKz
iTzsR5PY6NKPgB3Znno/ZKkZgzKPqz6VQ3G5W0BUp2x7oZW3OQ5EgZ5ObBr7534qe4ZJ/d4g9Ys7
MalqRVvqDqYxMAODkDc2QT8/fDVxZrmx0aBIFmDrRlUSdST+t9YDi6iuctWlzn75bdpOVCGu5hbZ
HiGjqQAXO7LCtcWcRZkxgoTvuiSe4iK7Tl6Zo+HOgSBK3VbQDsgbEq7DKBfpCQaM4clkd1XQlYT5
rQW/D3mv4EX2bN5sUyVomCg2/1fjWuoqfh1jSuPvpDol+izTxJ5ddDlvD9Wzid7ajgXNbm6JgBcP
DDz2puEjEpdA9Tkho7ueqjSsszodbtQ58PK4EGy+LHdyfomQAurAwQmBalaaGqXnDvxeSe61jTbv
iJPwFb+NKzlykdFHTBWAJx69tmdRSBzG2gACIC6r3QSOI24psUeoxGk+WD6kA0tx+ebdtiLtMLnD
BLhV5r3QV3kXcNU7OF/2/gNiCXHIjryBxS8x+/+M/ouiOGPu8CP420e6vZsX0ztiAvdGegJVNOw2
Wu36yBzieloHIUXGY1Ly8YlGuCSTTsOQNgr4FC6Hm0qiJrKMJEE8+Q+Z75E/oWd13Mf5Wb4A8zpH
2/w=
=SZOG
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7438-1
April 15, 2025

7zip vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in 7-Zip.

Software Description:
- 7zip: 7-Zip file archiver with a high compression ratio

Details:

Igor Pavlov discovered that 7-Zip had several memory-related issues.
An attacker could possibly use these issues to cause 7-Zip to crash,
resulting in a denial of service, or execute arbitrary code.
(CVE-2023-52168, CVE-2023-52169)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  7zip                            23.01+dfsg-11ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  7zip-standalone                 23.01+dfsg-11ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  7zip                            21.07+dfsg-4ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7438-1
  CVE-2023-52168, CVE-2023-52169

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)