PatchInstaller - 7-zip in Temporary Files
Problem Description
When installing a patch or hotfix before July 13, 2023, the archive files necessary for installation are retained on the system. This self-extracting archive includes a vulnerable version of 7-Zip (9.20).
These files are no longer necessary after installation and can be removed from the system.
Affected Products
All patches and hotfixes before July 13, 2023.
Solution
The script removes the archive files that remain on the system after a patch or hotfix was installed. Patches and Hotfixes after July 13, 2023 have an updated version of 7-zip and remove the files automaticaly during installation.
The following security vulnerabilities are addressed by the patch:
NVD - CVE-2016-2335 (https://nvd.nist.gov/vuln/detail/CVE-2016-2335)
NVD - CVE-2018-10172 (https://nvd.nist.gov/vuln/detail/CVE-2018-10172)
NVD - CVE-2016-7804 (https://nvd.nist.gov/vuln/detail/CVE-2016-7804)
NVD - CVE-2018-5996 (https://nvd.nist.gov/vuln/detail/CVE-2018-5996)
NVD - CVE-2017-17969 (https://nvd.nist.gov/vuln/detail/CVE-2017-17969)
NVD - CVE-2022-29072 (https://nvd.nist.gov/vuln/detail/CVE-2022-29072)
NVD - CVE-2016-2334 (https://nvd.nist.gov/vuln/detail/CVE-2016-2334)
NVD - CVE-2018-10115 (https://nvd.nist.gov/vuln/detail/CVE-2018-10115)
Download
| Date | 2023-08-31 |
| Information Type | Notifications |
| Information Category | Product Security, Troubleshooting |
Drive innovation forward. Always on the pulse of technology development.
Subscribe to our expert knowledge. Learn from our successful project examples. Keep up to date on simulation and validation. Subscribe to/manage dSPACE direct and aerospace & defense now.