
Red Hat: RHSA-2005:007-01 Critical: Unarj Buffer Overflow Impact

January 12, 2005
Urgent Debian security notice tackles extensive vulnerabilities found in unarj utility. Ensure your system is patched immediately.
An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

138462 - CAN-2004-0947 buffer overflow in unarj
138835 - CAN-2004-1027 unarj directory traversal issue

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: abb1c235036bd233c437b003a4dbb8c1 unarj-2.43-13.src.rpm

i386: 1b3f6e7e8780f02a7b6038b78f3af8c2 unarj-2.43-13.i386.rpm

ia64: 346187352a1792700194a7c7bd5de83f unarj-2.43-13.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: abb1c235036bd233c437b003a4dbb8c1 unarj-2.43-13.src.rpm

ia64: 346187352a1792700194a7c7bd5de83f unarj-2.43-13.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: abb1c235036bd233c437b003a4dbb8c1 unarj-2.43-13.src.rpm

i386: 1b3f6e7e8780f02a7b6038b78f3af8c2 unarj-2.43-13.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: abb1c235036bd233c437b003a4dbb8c1 unarj-2.43-13.src.rpm

i386: 1b3f6e7e8780f02a7b6038b78f3af8c2 unarj-2.43-13.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package
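
One way to check downloaded packages against the MD5 list above and then verify their GPG signatures, as an added example that is not part of the Red Hat advisory. The function names `check_md5_list` and `check_signatures` are hypothetical, and `rpm -K` assumes Red Hat's key has already been imported.

```shell
#!/bin/sh
# Added example, not from the advisory. The three lines below are the
# checksum/filename pairs exactly as printed in the package list.
ADVISORY_LIST='SRPMS: abb1c235036bd233c437b003a4dbb8c1 unarj-2.43-13.src.rpm
i386: 1b3f6e7e8780f02a7b6038b78f3af8c2 unarj-2.43-13.i386.rpm
ia64: 346187352a1792700194a7c7bd5de83f unarj-2.43-13.ia64.rpm'

# check_md5_list LIST DIR  (hypothetical helper)
# LIST: lines of "label: md5 filename"; DIR: where the packages were saved.
# Returns 0 only if at least one listed file is present and every file
# that is present matches its listed checksum.
check_md5_list() {
    list=$1 dir=$2 seen=0 bad=0
    while read -r _label want name; do
        [ -n "$name" ] || continue
        file="$dir/$name"
        [ -f "$file" ] || { echo "absent   $name"; continue; }
        seen=$((seen + 1))
        got=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "match    $name"
        else
            echo "MISMATCH $name (expected $want, got $got)"
            bad=$((bad + 1))
        fi
    done <<EOF
$list
EOF
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# check_signatures DIR  (hypothetical helper)
# MD5 is not collision-resistant, so the list above is a corruption check;
# the GPG signature is the authenticity check. rpm -K is rpm --checksig.
check_signatures() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found"; return 2; }
    rpm -K "$1"/unarj-2.43-13.*.rpm
}

# Usage: sh verify.sh /path/to/downloaded/rpms
if [ "$#" -gt 0 ]; then
    check_md5_list "$ADVISORY_LIST" "$1" && check_signatures "$1"
fi
```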

Summary

References

https://www.cve.org/CVERecord?id=CAN-2004-0947
https://www.cve.org/CVERecord?id=CAN-2004-1027

Package List


Severity: critical

Advisory ID: RHSA-2005:007-01
Issue date: 2005-01-12
Updated on: 2005-01-12
Product: Red Hat Enterprise Linux

Topic

Relevant Releases/Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Bugs Fixed
