Author Topic: Upgrade your 7-Zip  (Read 1535 times)


DJQuad

Upgrade your 7-Zip
« on: June 04, 2016, 04:44:23 pm »
Not the biggest deal from a security standpoint as it's very tricky to exploit, but to be safe everyone should update their version of 7-Zip (7z) to at least version 16.0 and recompress all 7z files with the patched version.

http://www.zdnet.com/article/severe-7-zip-vulnerabilities-cause-top-security-software-tools-patch-panic/

http://www.bit-tech.net/news/bits/2016/05/12/7-zip-vulnerabilities/1

http://betanews.com/2016/05/16/7-zip-major-vulnerabilities/

This is one bad side effect from open source. When something is popular, the bad guys pore through the code for ways to exploit it.

PL1

Re: Upgrade your 7-Zip
« Reply #1 on: June 04, 2016, 06:02:08 pm »
Thanks for the heads-up.   :cheers:

Quote from DJQuad: "recompress all 7z files with the patched version."
Where'd you come up with this advice?  :dizzy:

Both the Talos blog post and the articles you linked say the problem is in the 7-Zip application libraries.

The suggested fixes are:
  1. Updating 7-Zip to v16.0 (or newer)
  2. Updating other programs that use the 7-Zip application libraries if/when patched versions become available

I see no mention of recompressing user-compressed files or any reason why it would be needed.   :dunno


Scott
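
One way to act on the first fix listed in the post above across several machines, as an added example that is not part of the original thread: it parses the banner line printed by the 7-Zip command-line tools and flags anything older than 16.0. The host labels and sample banners are constructed, and the banner layout the regex accepts is an assumption based on typical 7z/7za output.

```python
import re

# Minimum fixed release named in the thread (banners print it as 16.00).
MIN_FIXED = (16, 0)

# First banner line of the 7-Zip command-line tools, e.g.
# "7-Zip [64] 15.14 : Copyright ..." or "7-Zip (a) [64] 16.00 : ...".
# Assumed layout: optional "(a)"-style and "[64]"-style tags, then major.minor.
BANNER_RE = re.compile(r"^7-Zip\b(?:\s+(?:\([a-z]\)|\[\d+\]))*\s+(\d+)\.(\d+)")


def parse_banner(text):
    """Return (major, minor) from captured 7z output, or None if absent."""
    for line in text.splitlines():
        match = BANNER_RE.match(line.strip())
        if match:
            return int(match.group(1)), int(match.group(2))
    return None


def audit(banners):
    """Map each label to 'ok', 'update' or 'unknown' (no banner found)."""
    results = {}
    for label, text in banners.items():
        version = parse_banner(text)
        if version is None:
            results[label] = "unknown"
        elif version >= MIN_FIXED:
            results[label] = "ok"
        else:
            results[label] = "update"
    return results


# Constructed sample output; labels and banner text are illustrative only.
SAMPLE = {
    "workstation-a": "\n7-Zip [64] 15.14 : Copyright (c) Igor Pavlov\n",
    "workstation-b": "7-Zip [64] 16.02 : Copyright (c) Igor Pavlov",
    "legacy-box": "7-Zip 9.20  Copyright (c) Igor Pavlov",
    "build-agent": "7-Zip (a) [64] 16.00 : Copyright (c) Igor Pavlov",
    "no-7z": "sh: 7z: command not found",
}

if __name__ == "__main__":
    for label, status in sorted(audit(SAMPLE).items()):
        print(f"{label}: {status}")
```

This only covers binaries that print a banner; programs that bundle the 7-Zip libraries (the second fix in the list) have to be checked against their own vendors' patched releases.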

Howard_Casto

Re: Upgrade your 7-Zip
« Reply #2 on: June 04, 2016, 11:13:23 pm »
Yeah, from what I read the exploits are similar to exploits used to softmod consoles.  The extractor program reads beyond where it should, a buffer overrun occurs and code can be executed in the stack.  So a specially designed 7-Zip file opened by an extractor without proper checks is the problem.  If your 7-Zip files aren't viruses they are fine.  Your advice would be like suggesting everyone erase their Wii game saves because a particular Smash Bros. game save, designed to install the homebrew channel, exists.

keilmillerjr

Re: Upgrade your 7-Zip
« Reply #3 on: June 08, 2016, 03:11:54 am »
Upgrade your grey matter because one day it may matter.