Advisories » MGASA-2023-0107

Updated unarj packages fix security vulnerability

Publication date: 24 Mar 2023
Modification date: 24 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2004-0947 , CVE-2004-1027

Description

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute
arbitrary code via an arj archive that contains long filenames.
(CVE-2004-0947)
Directory traversal vulnerability in the -x (extract) command line option
in unarj allows remote attackers to overwrite arbitrary files via an arj
archive with filenames that contain .. (dot dot) sequences. (CVE-2004-1027)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31546
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0947
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1027

SRPMS

8/tainted

• unarj-2.65-6.1.mga8.tainted