Security Advisory

Security Advisory: p7zip is vulnerable please remove it!

The p7zip was installed by default, and a vulnerability was reported.

sudo pkg audit -F
vulnxml file up-to-date
p7zip-16.02_3 is vulnerable:
p7zip -- usage of uninitialized memory
CVE: CVE-2018-10115

The p7zip software has not been maintained since 2016. To mitigate, we removed p7zip from the default build, but I can't create an update to remove that package in the user's system.


GhostBSD appreciates relationships with its partners: