Updated unarj packages fix security vulnerability
Publication date: 24 Mar 2023Modification date: 24 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2004-0947 , CVE-2004-1027
Description
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. (CVE-2004-0947) Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences. (CVE-2004-1027)
References
SRPMS
8/tainted
- unarj-2.65-6.1.mga8.tainted