Security update for p7zip SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1850-1 Final 1 1 2016-07-21T20:58:56Z current 2016-07-21T20:58:56Z 2016-07-21T20:58:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for p7zip fix 7zip UDF CInArchive::ReadFileItem code execution vulnerability [boo#979823],[CVE-2016-2335] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-07/msg00069.html E-Mail link for openSUSE-SU-2016:1850-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings p7zip-9.20.1-10.6.1 The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file. CVE-2016-2335 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-07/msg00069.html https://www.suse.com/security/cve/CVE-2016-2335.html CVE-2016-2335 https://bugzilla.suse.com/979823 SUSE Bug 979823