Big Vulnerability hits 7-Zip file archiver - gets patched - Download v18.05
If you use the popular 7-Zip file archiver, you can and should download v18.05. The free-to-use WinZip replacement has a very critical vulnerability, and all that was needed to trigger it was a specially prepped RAR file.
This has been fixed with v18.05. I am highlighting this new release this much because it is a pretty bad one: it allows remote execution based on just a RAR file. The security researcher (landave.io) who discovered the vulnerability informed the developer of 7-Zip on the 6th of March this year. It has been patched with the release of 7-Zip 18.05, which not only fixes the vulnerability but also adds ASLR security measures.
7-Zip is one of the most popular archivers available on the web, downloaded nearly 450 million times from Sourceforge alone. All users of 7-Zip are advised to update the software to the latest version. I've made a local mirror on Guru3D, which can be downloaded from here.
> Download
Senior Member
Posts: 145
Joined: 2013-01-30
Another reason to upgrade:
The speed for single-thread LZMA/LZMA2 decoding
was increased by 30% in x64 version and by 3% in x86 version.
7-Zip now can use multi-threading for 7z/LZMA2 decoding,
if there are multiple independent data chunks in LZMA2 stream.
7-Zip now can use multi-threading for xz decoding,
if there are multiple blocks in xz stream.
The speed for LZMA/LZMA2 compressing was increased
by 8% for fastest/fast compression levels and
by 3% for normal/maximum compression levels.
Senior Member
Posts: 853
Joined: 2015-05-19
You know it's not remote code execution if you have to download a file first and open it locally. What's with the security people these days.
Obviously something like 7-Zip which is not a persistent service of any kind will likely never be affected by Remote Code Execution, since remote hackers cannot interact with it whatsoever - unless you have a web-service that somehow interacts with 7-Zip (to unpack uploaded files, for example), but that's reaching.
Senior Member
Posts: 4334
Joined: 2003-03-03
One day I discovered Chocolatey:
https://chocolatey.org/
Since that day, updates on free software are no longer a concern.
p.s. - 7-Zip is already updated in the repository - It says version 18.5, and not 18.05 (but it's the same thing)
I use PatchMyPC. Real handy and easy.
Senior Member
Posts: 2039
Joined: 2008-07-16
Nice tool, but that program is a little toy compared to Choco:
"There are 5762 community maintained packages" (currently)
This one is the Windows equivalent of Ubuntu package manager... it can install, uninstall, update software, look for new software in various categories, etc. In a completely different class than that little tool.
Oh, and there is a GUI as well (which I'm using), so I don't mess around with commandline:
https://chocolatey.org/packages/ChocolateyGUI
Senior Member
Posts: 2039
Joined: 2008-07-16
One day I discovered Chocolatey:
https://chocolatey.org/
Since that day, updates on free software are no longer a concern.
p.s. - 7-Zip is already updated in the repository - It says version 18.5, and not 18.05 (but it's the same thing)