Security Advisory: p7zip is vulnerable please remove it!

The p7zip was installed by default, and a vulnerability was reported.

sudo pkg audit -F
vulnxml file up-to-date
p7zip-16.02_3 is vulnerable:
p7zip -- usage of uninitialized memory
CVE: CVE-2018-10115

The p7zip software has not been maintained since 2016. To mitigate, we removed p7zip from the default build, but I can't create an update to remove that package in the user's system.

Please remove p7zip, and if you need 7zip, install the new 7-zip package.

Terminal command:

sudo pkg delete p7zip
sudo pkg install 7-zip

Add new comment

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.


GhostBSD appreciates relationships with its partners: