MGASA-2023-0107 - Updated unarj packages fix security vulnerability
Publication date: 24 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0107.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2004-0947,
CVE-2004-1027
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute
arbitrary code via an arj archive that contains long filenames.
(CVE-2004-0947)
Directory traversal vulnerability in the -x (extract) command line option
in unarj allows remote attackers to overwrite arbitrary files via an arj
archive with filenames that contain .. (dot dot) sequences. (CVE-2004-1027)
References:
- https://bugs.mageia.org/show_bug.cgi?id=31546
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0947
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1027
SRPMS:
- 8/tainted/unarj-2.65-6.1.mga8.tainted
Mageia 2023-0107: unarj security update
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames
Summary
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute
arbitrary code via an arj archive that contains long filenames.
(CVE-2004-0947)
Directory traversal vulnerability in the -x (extract) command line option
in unarj allows remote attackers to overwrite arbitrary files via an arj
archive with filenames that contain .. (dot dot) sequences. (CVE-2004-1027)
References
- https://bugs.mageia.org/show_bug.cgi?id=31546
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0947
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1027
Resolution
MGASA-2023-0107 - Updated unarj packages fix security vulnerability
SRPMS
- 8/tainted/unarj-2.65-6.1.mga8.tainted
Severity
Publication date: 24 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0107.html
Type: security
CVE: CVE-2004-0947,
CVE-2004-1027
News
HOWTOs
About Us
Powered By
