Fedora Legacy Test Update Notification: unarj

Marc Deslauriers marcdeslauriers at videotron.ca
Fri Dec 3 13:07:01 UTC 2004


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-2272
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2272
2004-12-02
---------------------------------------------------------------------

Name        : unarj
Versions    : rh7.3: unarj-2.63a-4.0.7.3.1.legacy
Versions    : rh9: unarj-2.63a-4.0.9.1.legacy
Versions    : fc1: unarj-2.63a-4.1.1.legacy
Summary     : An uncompressor for .arj format archive files.
Description : 
The UNARJ program is used to uncompress .arj format archives. The .arj
format archive was mostly used on DOS machines.

---------------------------------------------------------------------
Update Information:

Updated unarj packages that fix a number of security flaws are now
available.

A buffer overflow bug has been discovered in unarj when handling long
file names contained in an archive. An attacker could create an archive
with a specially crafted path which could cause unarj to crash or
execute arbitrary instructions.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to
this issue.

Additionally, a path traversal vulnerability exists in unarj which
allows an attacker to extract files to the parent ("..") directory. When
used recursively, this vulnerability can be used to overwrite critical
system files and programs.

Users of unarj are advised to upgrade to these errata packages, which
contain a backported patch correcting these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Nov 11 2004 Rob Myers <rob.myers at gtri.gatech.edu>
2.63a-4.0.7.3.1.legacy
- rebuild for rh73
- fixes CAN-2004-0947 (FL #2272)

* Wed Nov 10 2004 Lon Hohberger <lhh at redhat.com> 2.63a-7
- Fix directory traversal & buffer overflow. #138468

rh9:
* Thu Nov 11 2004 Rob Myers <rob.myers at gtri.gatech.edu>
2.63a-4.0.9.1.legacy
- rebuild for rh9
- fixes CAN-2004-0947 (FL #2272)

* Wed Nov 10 2004 Lon Hohberger <lhh at redhat.com> 2.63a-7
- Fix directory traversal & buffer overflow. #138468

fc1:
* Thu Nov 11 2004 Rob Myers <rob.myers at gtri.gatech.edu>
2.63a-4.1.1.legacy
- rebuild for FC1
- fixes CAN-2004-0947 (FL #2272)

* Wed Nov 10 2004 Lon Hohberger <lhh at redhat.com> 2.63a-7
- Fix directory traversal & buffer overflow. #138468

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
8b07f5d8a514324da4097fa5e5fe45ab693fba54
redhat/7.3/updates-testing/i386/unarj-2.63a-4.0.7.3.1.legacy.i386.rpm
07a12c321015017d0813cb107758df017119d9ac
redhat/7.3/updates-testing/SRPMS/unarj-2.63a-4.0.7.3.1.legacy.src.rpm

rh9:
a6151b99a058e254d76de4fe73b769fe0978f851
redhat/9/updates-testing/i386/unarj-2.63a-4.0.9.1.legacy.i386.rpm
b88dc2c7dad960fdf9fe5392ef4715deca699287
redhat/9/updates-testing/SRPMS/unarj-2.63a-4.0.9.1.legacy.src.rpm

fc1:
ea630f037afc90ab60cc85e230b64e54141535c9
fedora/1/updates-testing/i386/unarj-2.63a-4.1.1.legacy.i386.rpm
d44d03bc24fc9459bd0bd4ed42d7802ca53d74c3
fedora/1/updates-testing/SRPMS/unarj-2.63a-4.1.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
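
The two flaws described under Update Information, shown as the checks an
extractor needs before it uses a file name read from an archive header. This
is an added example, not the backported patch and not unarj's own code;
safe_entry_name, check_name and ENTRY_NAME_BUF are hypothetical names, and
treating '\' as a path separator is an assumption made because ARJ archives
originate on DOS.

```c
#include <stddef.h>
#include <string.h>

#define ENTRY_NAME_BUF 512  /* assumed buffer size, not unarj's real constant */

/* Validate a file name taken from an archive header (attacker-controlled)
 * and copy it into dst. Returns 0 if the name is safe to extract, -1 if not. */
int safe_entry_name(const char *src, size_t src_len, char *dst, size_t dst_size)
{
    size_t i, start;

    /* Check the length before any copy: this is the long-file-name overflow. */
    if (src_len == 0 || src_len >= dst_size)
        return -1;
    /* An embedded NUL would make later string calls see a different name. */
    if (memchr(src, '\0', src_len) != NULL)
        return -1;
    /* An absolute path leaves the extraction directory outright. */
    if (src[0] == '/' || src[0] == '\\')
        return -1;

    /* Walk the path one component at a time and refuse any ".." component.
     * Names that merely contain dots ("..hidden", "a..") stay legal. */
    for (i = 0, start = 0; i <= src_len; i++) {
        if (i == src_len || src[i] == '/' || src[i] == '\\') {
            if (i - start == 2 && src[start] == '.' && src[start + 1] == '.')
                return -1;
            start = i + 1;
        }
    }

    memcpy(dst, src, src_len);   /* bounded: src_len < dst_size */
    dst[src_len] = '\0';
    return 0;
}

/* Convenience wrapper for NUL-terminated, constructed sample names. */
int check_name(const char *s)
{
    char buf[ENTRY_NAME_BUF];
    return safe_entry_name(s, strlen(s), buf, sizeof buf);
}
```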
