Updated unrar packages fix security vulnerabilities
Publication date: 24 Aug 2017
Modification date: 24 Aug 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2012-6706, CVE-2017-12938, CVE-2017-12940, CVE-2017-12941, CVE-2017-12942
Description
VMSF_DELTA memory corruption (CVE-2012-6706).
Directory traversal issue in UnRAR before 5.5.7 (CVE-2017-12938).
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the
EncodeFileName::Decode call within the Archive::ReadHeader15 function
(CVE-2017-12940).
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the
Unpack::Unpack20 function (CVE-2017-12941).
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the
Unpack::LongLZ function (CVE-2017-12942).
References
- https://bugs.mageia.org/show_bug.cgi?id=21134
- https://lists.opensuse.org/opensuse-updates/2017-06/msg00085.html
- http://openwall.com/lists/oss-security/2017/08/18/2
- http://openwall.com/lists/oss-security/2017/08/18/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6706
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12938
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12940
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12941
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12942
SRPMS
5/nonfree
- unrar-5.50-1.mga5.nonfree