Fedora 26: 2018-4e657bf5e3 Critical Heap Overflow in Sharutils

The sharutils package contains the GNU shar utilities, a set of tools for

encoding and decoding packages of files (in binary or text format) in

a special plain text format called shell archives (shar). This format can be

sent through e-mail (which can be problematic for regular binary files). The

shar utility supports a wide range of capabilities (compressing, uuencoding,

splitting long files for multi-part mailings, providing check-sums), which

make it very flexible at creating shar files. After the files have been sent,

the unshar tool scans mail messages looking for shar files. Unshar

automatically strips off mail headers and introductory text and then unpacks

the shar files.

This release fixes a heap buffer overflow when processing a shar archive by

unshar tool if the arhive contains overlong lines.

[ 1 ] Bug #1548018 - sharutils: heap-buffer-overflow in find_archive in unshar.c

https://bugzilla.redhat.com/show_bug.cgi?id=1548018

su -c 'dnf upgrade sharutils' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org