Lew Wolfgang wrote:
On 07/10/2020 02:13 AM, Per Jessen wrote:
Lew Wolfgang wrote:
On 07/09/2020 05:37 AM, Per Jessen wrote:
cagsm wrote:
Anyone know how to solve these issues? For unpacking rar archive, we have 'unrar'. For 7zip, we have 'p7zip' I have a customer who uses Nessus for security scans and it flags the Leap 15.x p7zip as having vulnerabilities. What sort of vulnerabilities might there be in such a utility ?
I don't recall the specifics of the Nessus report, but in general, interpreters are difficult to get right. Buffer overflows caused by specially crafted object files can do it.
That I can appreciate - but where is the vulnerability ? I mean, it's a utility like tar, man, cp etc etc - unless it has the DaHoWo trojan embedded? -- Per Jessen, Zürich (23.2°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org