Security Advisory: p7zip is vulnerable please remove it!

Submitted by ericbsd on Sat, 01/15/2022 - 17:52

The p7zip was installed by default, and a vulnerability was reported.

sudo pkg audit -F
vulnxml file up-to-date
p7zip-16.02_3 is vulnerable:
p7zip -- usage of uninitialized memory
CVE: CVE-2018-10115
WWW: https://vuxml.FreeBSD.org/freebsd/942fff11-5ac4-11ec-89ea-c85b76ce9b5a.html

The p7zip software has not been maintained since 2016. To mitigate, we removed p7zip from the default build, but I can't create an update to remove that package in the user's system.

Please remove p7zip, and if you need 7zip, install the new 7-zip package.

Terminal command:

sudo pkg delete p7zip
sudo pkg install 7-zip

Add new comment

More information about text formats
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Partners

GhostBSD appreciates relationships with its partners:

HoneyGuide