Debian Security Advisory 5652-1

Debian Linux Security Advisory 5652-1 - A directory traversal vulnerability was discovered in py7zr, a library and command-line utility to process 7zip archives.

Packet Storm
Debian Security Advisory DSA-5652-1    [email protected]
https://www.debian.org/security/    Moritz Muehlenhoff
April 02, 2024    https://www.debian.org/security/faq

Package        : py7zr
CVE ID         : CVE-2022-44900

A directory traversal vulnerability was discovered in py7zr, a library and command-line utility to process 7zip archives.

For the oldstable distribution (bullseye), this problem has been fixed in version 0.11.3+dfsg-1+deb11u1.

We recommend that you upgrade your py7zr packages.

For the detailed security status of py7zr please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/py7zr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [email protected]

Related news

Ubuntu Security Notice USN-7030-1

Ubuntu Security Notice 7030-1 - It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host.

py7zr 0.20.0 Directory Traversal

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr versions 0.20.0 and earlier allows attackers to read arbitrary files on the local machine via a malicious 7z file extraction.

GHSA-m8xw-9x5x-6vh3: py7zr directory traversal vulnerability

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

CVE-2022-44900: Fix sanity check for path traversal attack · miurahr/py7zr@1bb43f1

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.
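For hosts that cannot upgrade immediately, member names can be screened before `extractall()` is called. The following is an added example, not code from py7zr or from the advisory; it assumes the names come from `SevenZipFile.getnames()`, and the helper names `escapes_target` and `find_unsafe_members` and the sample list are constructed for illustration.

```python
import os


def escapes_target(name: str, target_dir: str) -> bool:
    """Return True if extracting `name` under `target_dir` would land outside it."""
    # Treat backslashes as separators so Windows-style names are caught on POSIX.
    normalized = name.replace("\\", "/")
    # Absolute names (POSIX root or a drive letter) ignore the target directory.
    # This is deliberately conservative: any name with ':' as its second
    # character is rejected.
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        return True
    root = os.path.realpath(target_dir)
    # realpath collapses '..' components and follows symlinks that already
    # exist inside the target directory.
    dest = os.path.realpath(os.path.join(root, *normalized.split("/")))
    return os.path.commonpath([root, dest]) != root


def find_unsafe_members(names, target_dir):
    """Return the member names that must not be extracted into `target_dir`."""
    return [n for n in names if escapes_target(n, target_dir)]


# Constructed sample, shaped like the list SevenZipFile.getnames() returns.
SAMPLE_NAMES = [
    "docs/readme.txt",
    "docs/../readme.txt",          # stays inside the target after normalization
    "../../etc/cron.d/job",        # climbs out of the target
    "/tmp/abs.txt",                # absolute POSIX path
    "docs\\..\\..\\evil.txt",      # backslash-separated traversal
    "C:\\Windows\\x.dll",          # drive-letter absolute path
]

if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as target:
        for bad in find_unsafe_members(SAMPLE_NAMES, target):
            print("refusing to extract:", repr(bad))
```

The check is name-based only: it does not inspect symlink members stored inside the archive itself, so it complements the fixed package rather than replacing it.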
