ELA-9-1 plexus-archiver security update

Arbitrary file write vulnerability

2018-06-26
Packageplexus-archiver
Version1.0~alpha12-3+deb7u1
Related CVE CVE-2018-1002200

An arbitrary file write vulnerability was discovered in plexus-archiver, the archiver plugin for the Plexus modular compiler system.

A specially-crafted .zip file could overwrite any file on disk, leading to a privilege esclation.

For Debian 7 Wheezy, these problems have been fixed in version 1.0~alpha12-3+deb7u1.

We recommend that you upgrade your plexus-archiver packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/