CVE-2015-1038
p7zip - security update
EPSS 3.2%
Description
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
How to fix CVE-2015-1038
To remediate CVE-2015-1038, upgrade the affected package to a fixed version below.
- Debian/p7zip—upgrade to 9.20.1~dfsg.1-4.2 or later
- Debian/p7zip—upgrade to 9.04~dfsg.1-1+deb6u1 or later
- Debian/p7zip—upgrade to 9.20.1~dfsg.1-4+deb7u1 or later
Is CVE-2015-1038 being exploited?
Low — EPSS is 3.2%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 9.20.1~dfsg.1-4.2
- from 0, < 9.04~dfsg.1-1+deb6u1
- from 0, < 9.20.1~dfsg.1-4+deb7u1