Advisories ยป MGASA-2017-0302

Updated unrar packages fix security vulnerabilities

Publication date: 24 Aug 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2012-6706 , CVE-2017-12938 , CVE-2017-12940 , CVE-2017-12941 , CVE-2017-12942

Description

VMSF_DELTA memory corruption (CVE-2012-6706).

Directory traversal issue in UnRAR before 5.5.7 (CVE-2017-12938).

libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the
EncodeFileName::Decode call within the Archive::ReadHeader15 function
(CVE-2017-12940).

libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the
Unpack::Unpack20 function (CVE-2017-12941).

libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the
Unpack::LongLZ function (CVE-2017-12942).
                

References

SRPMS

5/nonfree