Updated unrar packages fix security vulnerabilities
Publication date: 24 Aug 2017
Modification date: 24 Aug 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2012-6706, CVE-2017-12938, CVE-2017-12940, CVE-2017-12941, CVE-2017-12942
Description
- VMSF_DELTA memory corruption (CVE-2012-6706).
- Directory traversal issue in UnRAR before 5.5.7 (CVE-2017-12938).
- libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (CVE-2017-12940).
- libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function (CVE-2017-12941).
- libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function (CVE-2017-12942).
References
- https://bugs.mageia.org/show_bug.cgi?id=21134
- https://lists.opensuse.org/opensuse-updates/2017-06/msg00085.html
- http://openwall.com/lists/oss-security/2017/08/18/2
- http://openwall.com/lists/oss-security/2017/08/18/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6706
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12938
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12940
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12941
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12942
SRPMS
5/nonfree
- unrar-5.50-1.mga5.nonfree