Updated unrar packages fix security vulnerabilities
Publication date: 24 Aug 2017
Modification date: 24 Aug 2017
Type: security
Affected Mageia releases: 6
CVE: CVE-2017-12938, CVE-2017-12940, CVE-2017-12941, CVE-2017-12942
Description
- Directory traversal issue in UnRAR before 5.5.7 (CVE-2017-12938).
- libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (CVE-2017-12940).
- libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function (CVE-2017-12941).
- libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function (CVE-2017-12942).
References
- https://bugs.mageia.org/show_bug.cgi?id=21563
- http://openwall.com/lists/oss-security/2017/08/18/2
- http://openwall.com/lists/oss-security/2017/08/18/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12938
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12940
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12941
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12942
SRPMS
6/nonfree
- unrar-5.50-1.mga6.nonfree