Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Gentoo: GLSA-200806-05 Normal: cbrPager User-Assisted Code Execution

gentoo
Calendar Grey June 16, 2008
Dist Gentoo Esm H88
The inadequate management of file names in cbrPager permits unauthorized code execution, prompting users to upgrade to a more secure release.
Insecure filename usage in cbrPager may allow for the remote execution of arbitrary code.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory GLSA 200806-05 https://security.gentoo.org/

  Severity: Normal
     Title: cbrPager: User-assisted execution of arbitrary code
      Date: June 16, 2008
      Bugs: #223657
        ID: 200806-05


Synopsis
=======
Insecure filename usage in cbrPager may allow for the remote execution
of arbitrary code.

Background
=========
cbrPager is a comic book pager.

Affected packages
================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-misc/cbrpager < 0.9.17 >= 0.9.17

==========
Mamoru Tasaka discovered that filenames of the image archives are not
properly sanitized before being passed to decompression utilities like
unrar and unzip, which...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory gentoo code execution normal user-assisted

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo code execution normal user-assisted

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here