Bug 2405273 - SECURITY p7zip on EPEL8 - CVE-2023-1576
Summary: SECURITY p7zip on EPEL8 - CVE-2023-1576
Keywords:
Status: NEW
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: p7zip
Version: epel8
Hardware: Unspecified
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Davide Cavalca
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2025-10-21 02:50 UTC by Dave B
Modified: 2025-10-21 02:51 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:



Description Dave B 2025-10-21 02:50:52 UTC
Description of problem:

For a couple of years now, p7zip on epel8 has been at 16.02, which is subject to:
CVE-2023-1576

This needs to be patched asap.

Because p7zip doesn't maintain this old version, updating to the latest (v25) would be the best option since < 25.00 is also subject to, with PoC available, CVE-2025-11001 and CVE-2025-11002.

