OPENSUSE-SU-2023:0071-1
Vulnerability from csaf_opensuse - Published: 2023-03-14 15:01 - Updated: 2023-03-14 15:01
Summary
Security update for peazip
Notes
Title of the patch
Security update for peazip
Description of the patch
This update for peazip fixes the following issues:
peazip was updated to 9.1.0:
* Major restyle in application's look & feel and themes, and many
usability improvements for the file manager, and archiving / extraction screens.
* The scripting engine was refined, with the ability to adapt the syntax
for a specific 7z version at runtime, and to export archive conversion tasks as scripts.
* Support for TAR, Brotli, and Zstandard formats was improved.
* Pea was updated to 1.12, fixing CVE-2023-24785 (this fixes boo#1208468)
Update to 9.0.0:
BACKEND:
* Pea 1.11.
CODE:
* Fixes, clean up of legacy code.
* Improved speed and memory usage.
FILE MANAGER:
* GUI better adapts to size and preference changes.
* Selecting one of the available tool bars (archive manager, file manager,
image manager) restores its visibility if the Tool bar is hidden.
EXTRACTION and ARCHIVING:
* Added new options for 7z/p7zip backend.
* Improved support for TAR format, and for formats used in combination with TAR.
* Improved support for ZPAQ and *PAQ formats.
* Updated compression preset scripts.
* Updated plugin for PeaZip.
- Update to 8.9.0:
BACKEND
* Pea 1.10
CODE
* Password Manager is now re-set only from Options > Settings >
Privacy, Reset Password Manager link
* Various fixes and improvements
* Correctly displays folder size inside ZIP archives if applicable
* Cleanup of legacy code
* Improved performances and memory management for browsing archives
* Improved opening folders after task completion
* Improved detecting root extraction directory
* Archive conversion procedure now opens target directory only once,
after final compression step
* Task window can now show temporary extraction work path from context
menu right-clicking on input and output links
FILE MANAGER
* Added progress bar while opening archive files supported through 7z
backend; progress indicator is not visible when archive pre-browsing
is disabled in Options > Settings > General, Performance group
* Improved Clipboard panel, can display items size and modification date
* Improved quick navigation menu (on the left of the Address bar)
* Can now set password/keyfile, and display if a password is set
* Can now display info on current archive / selection / clipboard content
duplicating function of status bar; the new Info entry is also featured
in main menu, Navigation group
* Can now toggle bookmarks, history, and clipboard views in the Status bar
* Improved Style button
* Right-clicking Style shows main menu as context menu
* Settings is now reachable from Style button in Tool / Address bar
* Updated theming engine
* Address bar color can now be changed separately from Address field color
* Tab bar color has now more options
* Improved existing Themes to take advantage of the new options
* Updated Tuxedo theme
* New Droid theme
EXTRACTION and ARCHIVING
* Changed default working directory to output path, as more consistent
with behavior of similar applications on non-Windows systems
* Added context menu entry for 'Add to separate archives' action, shown
when applicable in file browser screen
* Improved archiving and extraction context menu, to make easier to add
files and folders (or open search) from bookmarks and history items
* Improved test after archiving
* Empty archives are reported as warnings
* It is now possible to set the sequence of tasks to stop for auto-test
results (otherwise it will stop only in case of error) from Options >
Settings > Advanced
* More information is available clicking status bar string in archive
creation and extraction screens: task type details, temp work path
(if applicable), input size, output path with total size and free space
- Update to 8.8.0 (boo#1202690):
BACKEND
* 7z 22.01
* Pea 1.09
CODE
* Various fixes and improvements
FILE MANAGER
* Improved GUI for more flexibility to better adapt to multiple environments with different visual styles
EXTRACTION and ARCHIVING
* Added option to test archive after creation, for formats supporting test routine, in Options > Settings, Archive manager tab
* Added timestamp precision option in Archiving screen, Advanced tab, applies to ZIP and TAR/pax formats
* Added options to save owner/group ids and names, available in Archiving screen, Advanced tab
- Set correct category in the desktop file (boo#1202690)
- Update to 8.7.0:
BACKEND
* 7z 22.00
* Pea 1.08
CODE
* Can now optionally check hash of backend binaries called by PeaZip in order to detect modified ones
* Can now optionally hardcode paths of backend binaries, configuration, and non-binary resources directories as absolute paths at compile time
FILE MANAGER
* Added 'Open in a new tab' to breadcrumb navigation menu
* Can now export content of navigation/search filter as CSV, from column's header menu, and Main menu > Navigation submenu
* CSV separator can now be customised from Options > Settings, General Tab, on the right of Localization selector
* File manager now displays file size and compressed file size of directories inside archives, CRC column displays files and sub-directories count for directories
* Many visual enhancements
EXTRACTION and ARCHIVING
* Can now remember default archive creation action (force new archive, add, update, sync...)
* Improved displaying directory size in archive creation screen: items are now recursively enumerated asynchronously (non blocking) by default, so it is possible to proceed with archiving operations (confirm, cancel, modify parameters...) without needing the input count to be completed
* Re-organized Archive manager settings page in Options > Settings
* For Zpaq format now 'Absolute paths' extraction option is enabled by default (in Advanced tab of extraction screen)
Patchnames
openSUSE-2023-71
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for peazip",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for peazip fixes the following issues:\n\npeazip was updated to 9.1.0:\n\n * Major restyle in application\u0027s look \u0026 feel and themes, and many\n usability improvements for the file manager, and archiving / extraction screens.\n * The scripting engine was refined, with the ability to adapt the syntax\n for a specific 7z version at runtime, and to export archive conversion tasks as scripts.\n * Support for TAR, Brotli, and Zstandard formats was improved.\n * Pea was updated to 1.12, fixing for CVE-2023-24785 (this fixes boo#1208468)\n\nUpdate to 9.0.0:\n\n BACKEND:\n\n * Pea 1.11.\n\n CODE:\n\n * Fixes, clean up of legacy code.\n * Improved speed and memory usage.\n\n FILE MANAGER:\n\n * GUI better adapts to size and preference changes.\n * Selecting one of the available tool bars (archive manager, file manager,\n image manager) restores its visibility if the Tool bar is hidden.\n\n EXTRACTION and ARCHIVING:\n\n * Added new options for 7z/p7zip backend.\n * Improved support for TAR format, and for formats used in combination with TAR.\n * Improved support for ZPAQ and *PAQ formats.\n * Updated compression preset scripts.\n * Updated plugin for PeaZip.\n\n- Update to 8.9.0:\n\n BACKEND\n\n * Pea 1.10\n\n CODE\n\n * Password Manager is now re-set only from Options \u003e Settings \u003e\n Privacy, Reset Password Manager link\n * Various fixes and improvements\n * Correctly displays folder size inside ZIP archives if applicable\n * Cleanup of legacy code\n * Improved performances and memory management for browsing archives\n * Improved opening folders after task completition\n * Improved detecting root extraction directory\n * Archive conversion procedure now opens target directory only once,\n after final compression step\n * Task window can now show temporary extraction work path from context\n menu right-clicking on input and output links\n\n FILE MANAGER\n\n * Added progress bar while opening archive files supported through 7z\n backend; 
progress indicator is not visible when archive pre-browsing\n is disabled in Options \u003e Settings \u003e General, Performance group\n * Improved Clipboard panel, can display tems size and modification date\n * Improved quick navigation menu (on the left of the Address bar)\n * Can now set password/keyfile, and display if a password is set\n * Can now display info on current archive / selection / clipboard content\n duplicating function of staus bar; the new Info entry is also featured\n in main menu, Navigation group\n * Can now toggle bookmarks, history, and clipboard views in the Status bar\n * Improved Style button\n * Right-clicking Style shows main menu as context menu\n * Settings is now reachable from Style button in Tool / Address bar\n * Updated theming engine\n * Address bar color can now be changed separately from Address field color\n * Tab bar color has now more options\n * Improved existing Themes to take advantage of the new options\n * Updated Tuxedo theme\n * New Droid theme\n\n EXTRACTION and ARCHIVING\n\n * Changed default working directory to output path, as more consistent\n with behavior of similar applications on non-Windows systems\n * Added context menu entry for \u0027Add to separate archives\u0027 action, shown\n when applicable in file browser screen\n * Improved archiving and extraction context menu, to make easier to add\n files and folders (or open search) from bookmarks abd history items\n * Improved test after archiving\n * Empty archives are reported as warnings\n * It is now possible to set the sequence of tasks to stop for auto-test\n results (otherwise it will stop only in case of error) from Options \u003e\n Settings \u003e Advanced\n * More information is available clicking status bar string in archive\n creation and extraction screens: task type details, temp work path\n (if applicable), input zise, output path with total size and free space\n\n- Update to 8.8.0 (boo#1202690):\n\n BACKEND\n\n * 7z 22.01\n * Pea 1.09\n\n 
CODE\n\n * Various fixes and improvements\n\n FILE MANAGER\n\n * Improved GUI for more flexibility to better adapt to multiple environments with different visual styles\n\n EXTRACTION and ARCHIVING\n\n * Added option to test archive after creation, for formats supporting test routine, in Options \u003e Settings, Archive manager tab\n * Added timestamp precision option in Archiving screen, Advanced tab, applies to ZIP and TAR/pax formats\n * Added timestamp precision option in Archiving screen, Advanced tab, applies to ZIP and TAR/pax formats\n * Added options to save owner/group ids and names, available in Archiving screen, Advanced tab\n\n- Set correct category in the desktop file (boo#1202690)\n\n- Update to 8.7.0:\n\n BACKEND\n\n * 7z 22.00\n * Pea 1.08\n\n CODE\n\n * Can now optionally check hash of backend binaries called by PeaZip in order to detect modified ones\n * Can now optionally hardcode paths of backend binaries, configuration, and non-binary resources directories as absoulte paths at compile time\n\n FILE MANAGER\n\n * Added \u0027Open in a new tab\u0027 to breadcrumb navigation menu\n * Can now export content of navigation/search filter as CSV, from column\u0027s header menu, and Main menu \u003e Navigation submenu\n * CSV separator can now be customised from Options \u003e Settings, General Tab, on the right of Localization selector\n * File manager now displays file size and compressed file size of directories inside archives, CRC column displays files and sub-directores count for directories\n * Many visual enhancements\n\n EXTRACTION and ARCHIVING\n\n * Can now remember default archive creation action (force new archive, add, update, sync...)\n * Improved displaying directory size in archive creation screen: items are now recursively enumerated asynchronously (non blocking) by default, so it is possible to proceed with archiving operations (confirm, cancel, modify parameters...) 
without needing the input count to be completed\n * Re-organized Archive manager settings page in Options \u003e Settings\n * For Zpaq format now \u0027Absolute paths\u0027 extraction option is enabled by default (in Advanced tab of extraction screen)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2023-71",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0071-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2023:0071-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LZIRA2ZFJZWEVFCSMWHI56CKGCJG2A3D/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2023:0071-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LZIRA2ZFJZWEVFCSMWHI56CKGCJG2A3D/"
},
{
"category": "self",
"summary": "SUSE Bug 1202690",
"url": "https://bugzilla.suse.com/1202690"
},
{
"category": "self",
"summary": "SUSE Bug 1208468",
"url": "https://bugzilla.suse.com/1208468"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24785 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24785/"
}
],
"title": "Security update for peazip",
"tracking": {
"current_release_date": "2023-03-14T15:01:30Z",
"generator": {
"date": "2023-03-14T15:01:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2023:0071-1",
"initial_release_date": "2023-03-14T15:01:30Z",
"revision_history": [
{
"date": "2023-03-14T15:01:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "peazip-9.1.0-bp154.2.3.1.aarch64",
"product": {
"name": "peazip-9.1.0-bp154.2.3.1.aarch64",
"product_id": "peazip-9.1.0-bp154.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "peazip-kf5-9.1.0-bp154.2.3.1.noarch",
"product": {
"name": "peazip-kf5-9.1.0-bp154.2.3.1.noarch",
"product_id": "peazip-kf5-9.1.0-bp154.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "peazip-9.1.0-bp154.2.3.1.x86_64",
"product": {
"name": "peazip-9.1.0-bp154.2.3.1.x86_64",
"product_id": "peazip-9.1.0-bp154.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP4",
"product": {
"name": "SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "peazip-9.1.0-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:peazip-9.1.0-bp154.2.3.1.aarch64"
},
"product_reference": "peazip-9.1.0-bp154.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "peazip-9.1.0-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:peazip-9.1.0-bp154.2.3.1.x86_64"
},
"product_reference": "peazip-9.1.0-bp154.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "peazip-kf5-9.1.0-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:peazip-kf5-9.1.0-bp154.2.3.1.noarch"
},
"product_reference": "peazip-kf5-9.1.0-bp154.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "peazip-9.1.0-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:peazip-9.1.0-bp154.2.3.1.aarch64"
},
"product_reference": "peazip-9.1.0-bp154.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "peazip-9.1.0-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:peazip-9.1.0-bp154.2.3.1.x86_64"
},
"product_reference": "peazip-9.1.0-bp154.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "peazip-kf5-9.1.0-bp154.2.3.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:peazip-kf5-9.1.0-bp154.2.3.1.noarch"
},
"product_reference": "peazip-kf5-9.1.0-bp154.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24785"
}
],
"notes": [
{
"category": "general",
"text": "An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:peazip-9.1.0-bp154.2.3.1.aarch64",
"SUSE Package Hub 15 SP4:peazip-9.1.0-bp154.2.3.1.x86_64",
"SUSE Package Hub 15 SP4:peazip-kf5-9.1.0-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:peazip-9.1.0-bp154.2.3.1.aarch64",
"openSUSE Leap 15.4:peazip-9.1.0-bp154.2.3.1.x86_64",
"openSUSE Leap 15.4:peazip-kf5-9.1.0-bp154.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24785",
"url": "https://www.suse.com/security/cve/CVE-2023-24785"
},
{
"category": "external",
"summary": "SUSE Bug 1208468 for CVE-2023-24785",
"url": "https://bugzilla.suse.com/1208468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:peazip-9.1.0-bp154.2.3.1.aarch64",
"SUSE Package Hub 15 SP4:peazip-9.1.0-bp154.2.3.1.x86_64",
"SUSE Package Hub 15 SP4:peazip-kf5-9.1.0-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:peazip-9.1.0-bp154.2.3.1.aarch64",
"openSUSE Leap 15.4:peazip-9.1.0-bp154.2.3.1.x86_64",
"openSUSE Leap 15.4:peazip-kf5-9.1.0-bp154.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:peazip-9.1.0-bp154.2.3.1.aarch64",
"SUSE Package Hub 15 SP4:peazip-9.1.0-bp154.2.3.1.x86_64",
"SUSE Package Hub 15 SP4:peazip-kf5-9.1.0-bp154.2.3.1.noarch",
"openSUSE Leap 15.4:peazip-9.1.0-bp154.2.3.1.aarch64",
"openSUSE Leap 15.4:peazip-9.1.0-bp154.2.3.1.x86_64",
"openSUSE Leap 15.4:peazip-kf5-9.1.0-bp154.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-14T15:01:30Z",
"details": "moderate"
}
],
"title": "CVE-2023-24785"
}
]
}