Critical Security Update Required for Keka (7-Zip)

Post by mr. black » Wed Jun 08, 2016 5:22 am

Hi,

I am a long time user of Keka and have recommended it to many friends.

A critical security vulnerability was recently found in p7zip (a quick port of 7-Zip), the compression library that Keka is built on.

https://news.slashdot.org/story/16/05/12/2133239/dangerous-7-zip-vulnerabilities-flow-to-top-security-software-tools

p7zip is still under active development but has not yet been updated to include the version 16.xx 7-Zip code (which patches out the vulnerability).

https://sourceforge.net/projects/p7zip/files/p7zip/

Is there anyone still working on Keka that might be able to update the code once a new version of p7zip has been released?

Thanks!

Mr. Black

Re: Critical Security Update Required for Keka (7-Zip)

Post by aone » Sat Jun 18, 2016 7:49 pm

Hi Mr. Black,

I'm aware of this one; I'm always following the 7zip and p7zip trackers. As soon as there's a stable p7zip release including these fixes I'll implement them :D
aone ~

Re: Critical Security Update Required for Keka (7-Zip)

Post by therealmarv » Fri Jul 15, 2016 11:08 am

Hi,
I also asked the people who found that bug if Keka is affected. They say yes:
http://blog.talosintel.com/2016/05/mult ... 8344298928

The good news is:
p7zip 16.02 is now out officially :D :D

https://sourceforge.net/projects/p7zip/

Thanks for building a new Keka version soon!

Re: Critical Security Update Required for Keka (7-Zip)

Post by therealmarv » Tue Aug 16, 2016 12:36 pm

Where is the new Keka version? Keka does not care about security updates, do you? It takes too long...

Re: Critical Security Update Required for Keka (7-Zip)

Post by matt » Thu Aug 18, 2016 11:10 am

As a temporary measure, I've replaced two binaries inside the app with two more recent ones.

keka7z (I renamed official 7za 16.02, Keka used old 9.20)
kekaunrar (I renamed official UNRAR 5.40, Keka used old UNRAR 5.20 beta 1)

It's not a perfect fit, and it may break compatibility with some archive types, but it works for the archives I have to process.

To "install" these two new files:
- right click Keka
- choose "Show Package Contents"
- browse to Contents/Resources
- copy keka7z and kekaunrar
- confirm replacement of two older files

http://www.mediafire.com/download/pqhu9 ... pgrade.zip
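
A way to confirm which p7zip version the keka7z binary inside an app bundle reports, compared against the 16.02 release named in this thread. This is an added example, not part of any post and not Keka's own code; it assumes the binary prints the usual `p7zip Version X.YY` banner line when run without arguments, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). 16.02 is the p7zip release the thread
# names as carrying the fixed 7-Zip code; the banner format is an assumption.
MIN_FIXED="16.02"

# Read a 7za/p7zip banner on stdin and print the "major.minor" version, if any.
banner_version() {
    sed -n 's/^p7zip Version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeed when version A >= version B (numeric major, then minor).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        ok = (x[1] + 0 > y[1] + 0) || (x[1] + 0 == y[1] + 0 && x[2] + 0 >= y[2] + 0)
        exit !ok
    }'
}

# Read a banner on stdin; print "fixed <ver>", "outdated <ver>" or "unknown".
classify_banner() {
    ver=$(banner_version)
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_ge "$ver" "$MIN_FIXED"; then
        echo "fixed $ver"
    else
        echo "outdated $ver"
    fi
}

# $1 = path to the .app bundle; the binary lives in Contents/Resources/keka7z.
check_bundle() {
    bin="$1/Contents/Resources/keka7z"
    if [ ! -x "$bin" ]; then
        echo "unknown"
        return 0
    fi
    # Run with no arguments and no input: only the banner and usage are printed.
    "$bin" 2>&1 </dev/null | classify_banner
}

# Usage: sh check_keka7z.sh /path/to/Keka.app
if [ "$#" -gt 0 ]; then
    check_bundle "$1"
fi
```

The result only reflects the version string the binary reports about itself; it says nothing about where the binary came from.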

Re: Critical Security Update Required for Keka (7-Zip)

Post by aone » Mon Aug 22, 2016 7:38 am

Update coming in September... I hope I can do it sooner :(
aone ~

Re: Critical Security Update Required for Keka (7-Zip)

Post by matt » Mon Oct 03, 2016 9:27 am

October now

Any news?

Re: Critical Security Update Required for Keka (7-Zip)

Post by aone » Tue Oct 18, 2016 1:30 pm

Release candidate ready! Get it on beta.kekaosx.com. It has p7zip 16.02 as well as updated Sparkle framework.
aone ~