-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1547
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1547
2004-06-16
- ---------------------------------------------------------------------

Name        : lha
Version 7.3 : 1.14i-4.7.3.1.legacy
Summary     : An archiving and compression utility for LHarc format archives.
Description :
LHA is an archiving and compression utility for LHarc format archives.
LHA is mostly used in the DOS world, but can be used under Linux to
extract DOS files from LHA archives.

Install the lha package if you need to extract DOS files from LHA
archives.

- ---------------------------------------------------------------------
Update Information:

CAN-2004-0234: Multiple stack-based buffer overflows in the get_header
function in header.c for LHA 1.14 allow remote attackers or local users
to execute arbitrary code via long directory or file names in an LHA
archive, which triggers the overflow when testing or extracting the
archive.

CAN-2004-0235: Multiple directory traversal vulnerabilities in LHA 1.14
allow remote attackers or local users to create arbitrary files via an
LHA archive containing filenames with (1) .. sequences or (2) absolute
pathnames with double leading slashes ("//absolute/path").

- ---------------------------------------------------------------------
Changelog:

7.3:
* Sat May 01 2004 Jonny Strom <jonny.strom@xxxxxxxxxx> 1.14i-4

- - fix security vulnerabilities, CAN-2004-0234, CAN-2004-0235

* Wed Feb 27 2002 Than Ngo <than@xxxxxxxxxx> 1.14i-4

- - rebuild

* Tue Jan 29 2002 Than Ngo <than@xxxxxxxxxx> 1.14i-3

- - rebuild in rawhide

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

be858cbed37c43d12f2e3c8943fd5aa21331a191  7.3/updates-testing/SRPMS/lha-1.14i-4.7.3.1.legacy.src.rpm
1809b90634cc098bb86823375f7ff07a00ce0693  7.3/updates-testing/i386/lha-1.14i-4.7.3.1.legacy.i386.rpm

Please note that this update is also available via yum and apt through
the updates-testing channel. Many people find this an easier way to
apply updates.
- ---------------------------------------------------------------------

- --
Jesse Keating RHCE      (http://geek.j2solutions.net)
Fedora Legacy Team      (http://www.fedoralegacy.org)
GPG Public Key          (http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0RKv4v2HLvE71NURAgPqAJ9HVCv/UsjmQUKp1Y+oDoUWs3O07wCeLkkY
hMhg834YyHVcgBvidVe5ecA=
=9Cuy
-----END PGP SIGNATURE-----

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
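
The two flaw classes named in the Update Information above (an over-long name copied into a fixed buffer, and member names containing ".." or leading slashes such as "//absolute/path") can both be closed by validating the name before it is copied or used. The following is an added example, not code from lha or from the Fedora Legacy patch; sanitize_member_name and the 256-byte buffer size are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define NAME_BUF_SIZE 256   /* assumed destination buffer size */

/* Returns 1 if the path component [s, s+n) is exactly "..". */
static int is_dotdot(const char *s, size_t n)
{
    return n == 2 && s[0] == '.' && s[1] == '.';
}

/*
 * Hypothetical helper: copy an archive member name whose length raw_len
 * comes from the archive header into out (out_size bytes), as a relative
 * path. Returns 0 on success, -1 if the name must be rejected.
 */
int sanitize_member_name(const char *raw, size_t raw_len,
                         char *out, size_t out_size)
{
    size_t i = 0, start, end, len;
    const char *slash;

    /* Bound the declared length before any copy (the overflow class). */
    if (out_size == 0 || raw_len >= out_size)
        return -1;
    /* An embedded NUL would make later string calls see a shorter name. */
    if (memchr(raw, '\0', raw_len) != NULL)
        return -1;
    /* Strip every leading slash so "/x" and "//x" both become relative. */
    while (i < raw_len && raw[i] == '/')
        i++;
    if (i == raw_len)
        return -1;                      /* empty, or nothing but slashes */
    /* Walk the components and refuse the name if any of them is "..". */
    for (start = i; start <= raw_len; start = end + 1) {
        slash = NULL;
        if (start < raw_len)
            slash = memchr(raw + start, '/', raw_len - start);
        end = slash ? (size_t)(slash - raw) : raw_len;
        if (is_dotdot(raw + start, end - start))
            return -1;
    }
    len = raw_len - i;
    memcpy(out, raw + i, len);
    out[len] = '\0';
    return 0;
}
```

A caller would run this on every name read from an archive header and skip or abort on -1, before any open(), mkdir() or symlink() call uses the name.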