Build Your Own Arcade Controls Forum
Main => Software Forum => Topic started by: DJQuad on June 04, 2016, 04:44:23 pm
-
Not the biggest deal from a security standpoint as it's very tricky to exploit, but to be safe everyone should update their version of 7-zip (7z) to at least version 16.0 and recompress all 7z files with the patched version.
http://www.zdnet.com/article/severe-7-zip-vulnerabilities-cause-top-security-software-tools-patch-panic/ (http://www.zdnet.com/article/severe-7-zip-vulnerabilities-cause-top-security-software-tools-patch-panic/)
http://www.bit-tech.net/news/bits/2016/05/12/7-zip-vulnerabilities/1 (http://www.bit-tech.net/news/bits/2016/05/12/7-zip-vulnerabilities/1)
http://betanews.com/2016/05/16/7-zip-major-vulnerabilities/ (http://betanews.com/2016/05/16/7-zip-major-vulnerabilities/)
This is one bad side effect from open source. When something is popular the bad guys pour through the code for ways to exploit it.
-
Thanks for the heads-up. :cheers:
recompress all 7z files with the patched version.
Where'd you come up with this advice? :dizzy:
Both the Talos blog post and the articles you linked say the problem is in the 7-Zip application libraries.
The suggested fixes are:
1. Updating 7-Zip to v16.0 (or newer)
2. Updating other programs that use the 7-Zip application libraries if/when patched versions become available
I see no mention of recompressing user-compressed files or any reason why it would be needed. :dunno
Scott
-
Yeah, from what I read the exploits are similar to exploits used to softmod consoles. The extractor program reads beyond where it should, a buffer overrun occurs and code can be executed in the stack. So a specially designed 7 zip file opened by an extractor without proper checks is the problem. If your 7zip files aren't viruses they are fine. Your advice would be like suggesting everyone erase their wii game saves because a particular smash bros. game save, designed to install the homebrew channel, exists.
-
Upgrade your grey matter because one day it may matter.