PSA: If you use 7-Zip, update it.

If it's not ZDoom, it goes here.
Kinsie
Posts: 7293
Joined: Fri Oct 22, 2004 9:22 am
Discord: Find Me...
Twitch ID: thekinsie
Location: MAP33

PSA: If you use 7-Zip, update it.

Post by Kinsie »

7-Zip Website, So Now You Have No Excuse

7-Zip releases prior to 18.05 (released April 30th) have a security flaw in how they handle RAR files that can potentially lead to arbitrary code execution. Thankfully, there aren't any examples of baddies using this in the wild (yet), but you know the old Benjamin Franklin quote: An ounce of prevention is always better than a pound of having to pay a Bitcoin ransom to decrypt your hard drive. Or something.
Rachael
Admin
Posts: 12855
Joined: Tue Jan 13, 2004 1:31 pm
Discord: Rachael#3767
Twitch ID: madamerachelle
Github ID: madame-rachelle

Re: PSA: If you use 7-Zip, update it.

Post by Rachael »

Thank you for the heads up. :)
Bigger C
Posts: 146
Joined: Fri Feb 02, 2018 6:15 am

Re: PSA: If you use 7-Zip, update it.

Post by Bigger C »

Nice to know they caught it in routine bugtesting rather than an "in the wild" incident!
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
Posts: 47962
Joined: Sat Jul 19, 2003 10:19 am
Location: Germany

Re: PSA: If you use 7-Zip, update it.

Post by Graf Zahl »

What I find a bit troubling about the whole thing is that 7Zip was built without any of the routine safeguards, apparently for some mistaken sense of 'optimization'.
User avatar
Wiw
Posts: 737
Joined: Thu Jun 11, 2015 1:58 am
Operating System: Windows 10/8.1/8/201x 64-bit
OS Test Version: No (Using Stable Public Version)
Graphics Processor: nVidia with Vulkan support
Location: Everywhere and nowhere.

Re: PSA: If you use 7-Zip, update it.

Post by Wiw »

Should it have given me a set of options called "CRC SHA"?
User avatar
Gollgagh
Posts: 198
Joined: Thu Apr 16, 2015 8:24 am

Re: PSA: If you use 7-Zip, update it.

Post by Gollgagh »

Wiw wrote:Should it have given me a set of options called "CRC SHA"?


Those are just checksum tools for sanity checking if a file has been modified. If you don't normally check those, you can take them out of your context menu from the 7-zip program in Tools > Options... > 7-Zip tab > Context menu items: > uncheck "CRC SHA >".

Return to “Off-Topic”