---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-2272
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2272
2004-12-02
---------------------------------------------------------------------

Name        : unarj
Versions    : rh7.3: unarj-2.63a-4.0.7.3.1.legacy
Versions    : rh9: unarj-2.63a-4.0.9.1.legacy
Versions    : fc1: unarj-2.63a-4.1.1.legacy
Summary     : An uncompressor for .arj format archive files.
Description :
The UNARJ program is used to uncompress .arj format archives. The
.arj format archive was mostly used on DOS machines.

---------------------------------------------------------------------
Update Information:

Updated unarj packages that fix a number of security flaws are now
available.

A buffer overflow bug has been discovered in unarj when handling long
file names contained in an archive. An attacker could create an archive
with a specially crafted path which could cause unarj to crash or
execute arbitrary instructions. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0947 to this
issue.

Additionally, a path traversal vulnerability exists in unarj which
allows an attacker to extract files to the parent ("..") directory. When
used recursively, this vulnerability can be used to overwrite critical
system files and programs.

Users of unarj are advised to upgrade to these errata packages, which
contain a backported patch correcting these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Nov 11 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2.63a-4.0.7.3.1.legacy
- rebuild for rh73
- fixes CAN-2004-0947 (FL #2272)
* Wed Nov 10 2004 Lon Hohberger <lhh@xxxxxxxxxx> 2.63a-7
- Fix directory traversal & buffer overflow. #138468

rh9:
* Thu Nov 11 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2.63a-4.0.9.1.legacy
- rebuild for rh9
- fixes CAN-2004-0947 (FL #2272)
* Wed Nov 10 2004 Lon Hohberger <lhh@xxxxxxxxxx> 2.63a-7
- Fix directory traversal & buffer overflow. #138468

fc1:
* Thu Nov 11 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2.63a-4.1.1.legacy
- rebuild for FC1
- fixes CAN-2004-0947 (FL #2272)
* Wed Nov 10 2004 Lon Hohberger <lhh@xxxxxxxxxx> 2.63a-7
- Fix directory traversal & buffer overflow. #138468

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
8b07f5d8a514324da4097fa5e5fe45ab693fba54  redhat/7.3/updates-testing/i386/unarj-2.63a-4.0.7.3.1.legacy.i386.rpm
07a12c321015017d0813cb107758df017119d9ac  redhat/7.3/updates-testing/SRPMS/unarj-2.63a-4.0.7.3.1.legacy.src.rpm

rh9:
a6151b99a058e254d76de4fe73b769fe0978f851  redhat/9/updates-testing/i386/unarj-2.63a-4.0.9.1.legacy.i386.rpm
b88dc2c7dad960fdf9fe5392ef4715deca699287  redhat/9/updates-testing/SRPMS/unarj-2.63a-4.0.9.1.legacy.src.rpm

fc1:
ea630f037afc90ab60cc85e230b64e54141535c9  fedora/1/updates-testing/i386/unarj-2.63a-4.1.1.legacy.i386.rpm
d44d03bc24fc9459bd0bd4ed42d7802ca53d74c3  fedora/1/updates-testing/SRPMS/unarj-2.63a-4.1.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
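
The two flaws described in the advisory above (an over-long member name and a ".." path component) can both be caught by validating the name before it is used as an output path. The following is an added example, not the backported patch and not unarj's own code; the function name, status codes and the 512-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OUT_NAME_SIZE 512  /* assumed size of the extractor's path buffer */

enum name_status { NAME_OK, NAME_EMPTY, NAME_TOO_LONG, NAME_ABSOLUTE, NAME_TRAVERSAL };

/* Validate a member name taken from an archive header before it is used as
 * an output path. raw need not be NUL-terminated; raw_len is the field size. */
enum name_status check_member_name(const char *raw, size_t raw_len,
                                   char *out, size_t out_size)
{
    const char *nul = memchr(raw, '\0', raw_len);
    size_t len = nul ? (size_t)(nul - raw) : raw_len;
    size_t i, start = 0;

    if (len == 0)
        return NAME_EMPTY;
    if (len >= out_size)              /* bound by the destination, not the archive */
        return NAME_TOO_LONG;
    /* Absolute forms: Unix root, DOS root, DOS drive letter. */
    if (raw[0] == '/' || raw[0] == '\\' || (len >= 2 && raw[1] == ':'))
        return NAME_ABSOLUTE;
    /* Split on both separators (ARJ names come from DOS) and reject "..". */
    for (i = 0; i <= len; i++) {
        if (i == len || raw[i] == '/' || raw[i] == '\\') {
            if (i - start == 2 && raw[start] == '.' && raw[start + 1] == '.')
                return NAME_TRAVERSAL;
            start = i + 1;
        }
    }
    memcpy(out, raw, len);
    out[len] = '\0';
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample names, not taken from any real archive. */
    const char *samples[] = { "docs/readme.txt", "../../etc/passwd",
                              "/etc/passwd", "a/..\\b", "..notes" };
    char out[OUT_NAME_SIZE];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %d\n", samples[i],
               check_member_name(samples[i], strlen(samples[i]), out, sizeof out));
    return 0;
}
```

The check is lexical only: it does not resolve symbolic links that already exist under the extraction directory.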