Fedora Test Update Notification: lha

Jesse Keating jkeating at j2solutions.net
Thu Jun 17 03:40:31 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1547
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1547
2004-06-16
- ---------------------------------------------------------------------
 
Name        : lha
Version 7.3 : 1.14i-4.7.3.1.legacy
Summary     : An archiving and compression utility for LHarc format archives.
Description :
LHA is an archiving and compression utility for LHarc format archives.
LHA is mostly used in the DOS world, but can be used under Linux to
extract DOS files from LHA archives.
 
Install the lha package if you need to extract DOS files from LHA archives.
 
- ---------------------------------------------------------------------
Update Information:
 
CAN-2004-0234:
Multiple stack-based buffer overflows in the get_header function in 
header.c for LHA 1.14 allow remote attackers or local users to execute 
arbitrary code via long directory or file names in an LHA archive, which 
triggers the overflow when testing or extracting the archive.
 
CAN-2004-0235:
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote 
attackers or local users to create arbitrary files via an LHA archive 
containing filenames with (1) .. sequences or (2) absolute pathnames with 
double leading slashes ("//absolute/path").
- ---------------------------------------------------------------------
Changelog:
 
7.3:
 
* Sat May 01 2004 Jonny Strom <jonny.strom at netikka.fi> 1.14i-4
 
- - fix security vulnerabilities, CAN-2004-0234, CAN-2004-0235
 
* Wed Feb 27 2002 Than Ngo <than at redhat.com> 1.14i-4
 
- - rebuild
 
* Tue Jan 29 2002 Than Ngo <than at redhat.com> 1.14i-3
 
- - rebuild in rawhide
 
- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
be858cbed37c43d12f2e3c8943fd5aa21331a191  7.3/updates-testing/SRPMS/lha-1.14i-4.7.3.1.legacy.src.rpm
1809b90634cc098bb86823375f7ff07a00ce0693  7.3/updates-testing/i386/lha-1.14i-4.7.3.1.legacy.i386.rpm
 
Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier
way to apply updates.
- ---------------------------------------------------------------------
- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0RKv4v2HLvE71NURAgPqAJ9HVCv/UsjmQUKp1Y+oDoUWs3O07wCeLkkY
hMhg834YyHVcgBvidVe5ecA=
=9Cuy
-----END PGP SIGNATURE-----
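
Added example, not part of the advisory and not the lha patch itself: the checks an extractor can apply to each archive member name before using it, covering both issue classes described above (over-long names, and names with .. components or leading slashes such as "//absolute/path"). The function name copy_member_name is hypothetical, and the code assumes member names have already been converted to '/' separators.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not from lha): validate an archive member name and
 * copy it into a fixed-size buffer. Returns 0 on success, -1 if rejected. */
int copy_member_name(char *dst, size_t dstsize, const char *name)
{
    size_t len = strlen(name);
    const char *p = name;

    /* CAN-2004-0234 class: never copy a name that does not fit,
     * leaving room for the terminating NUL. */
    if (len == 0 || len >= dstsize)
        return -1;

    /* CAN-2004-0235 (2): reject any leading slash, so "/x" and "//x"
     * are both refused instead of stripping a single slash. */
    if (name[0] == '/')
        return -1;

    /* CAN-2004-0235 (1): reject ".." only when it is a whole path
     * component; "..notes" and "a..b" are ordinary file names. */
    while (*p != '\0') {
        size_t n = strcspn(p, "/");   /* length of this component */
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return -1;
        p += n;
        while (*p == '/')             /* skip one or more separators */
            p++;
    }

    memcpy(dst, name, len + 1);       /* length was checked above */
    return 0;
}
```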




