On 07/10/2020 02:13 AM, Per Jessen wrote:
Lew Wolfgang wrote:
On 07/09/2020 05:37 AM, Per Jessen wrote:
cagsm wrote:
Anyone know how to solve these issues? For unpacking rar archive, we have 'unrar'. For 7zip, we have 'p7zip' I have a customer who uses Nessus for security scans and it flags the Leap 15.x p7zip as having vulnerabilities. What sort of vulnerabilities might there be in such a utility ?
I don't recall the specifics of the Nessus report, but in general, interpreters are difficult to get right. Buffer overflows caused by specially crafted object files can do it. This for p7zip: https://www.cvedetails.com/vulnerability-list/vendor_id-9220/product_id-3093... Leap 15.0 and 15.1 triggered the finding. I haven't tried 15.2 yet. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org