7-Zip security update

Number: AV16-078
Date: 12 May 2016

Purpose

The purpose of this advisory is to bring attention to a 7-Zip security update.

Assessment

A security update was released for 7-Zip which addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow for arbitrary remote code execution.

These vulnerabilities also affect the 7-Zip library, which is included with and leveraged by several hardware and software products.

Suggested Action

CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly.

References:

Cisco Talos (vulnerability report):
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
7-Zip:
http://7-zip.org/download.html

Date modified:: 2018-09-26

Language selection

Search

Purpose

Assessment

Suggested Action

Note to readers

7-Zip security update

Purpose

Assessment

Suggested Action