Advisories » MGASA-2023-0107

Updated unarj packages fix security vulnerability

Publication date: 24 Mar 2023
Modification date: 24 Mar 2023
Type: security
Affected Mageia releases: 8
CVE: CVE-2004-0947, CVE-2004-1027

Description

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute
arbitrary code via an arj archive that contains long filenames.
(CVE-2004-0947)

Directory traversal vulnerability in the -x (extract) command line option
in unarj allows remote attackers to overwrite arbitrary files via an arj
archive with filenames that contain .. (dot dot) sequences. (CVE-2004-1027)
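
A defensive check covering both issues described above, as an added example (not code from unarj or from the Mageia update): each member name read from an archive header is length-bounded and rejected if it is absolute or contains a `..` component, before it is copied or used as an output path. The function name, the 255-byte limit and the sample names are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define MEMBER_NAME_MAX 255 /* assumed limit for this example, not unarj's own */

enum name_check { NAME_OK, NAME_EMPTY, NAME_TOO_LONG, NAME_ABSOLUTE, NAME_TRAVERSAL };

/* Validate a member name taken from an archive header before it is copied
 * or used as an output path. raw may lack a terminating NUL, so raw_len
 * bounds every read. out is written only when the result is NAME_OK. */
enum name_check check_member_name(const char *raw, size_t raw_len,
                                  char *out, size_t out_size)
{
    size_t len = 0, start = 0, i;

    while (len < raw_len && raw[len] != '\0')   /* bounded strlen */
        len++;
    if (len == 0)
        return NAME_EMPTY;
    if (len > MEMBER_NAME_MAX || len >= out_size)
        return NAME_TOO_LONG;                   /* refuse, never truncate */
    if (raw[0] == '/' || raw[0] == '\\' || (len >= 2 && raw[1] == ':'))
        return NAME_ABSOLUTE;                   /* rooted path or drive prefix */

    /* Split on both separators and reject any ".." component. */
    for (i = 0; i <= len; i++) {
        if (i == len || raw[i] == '/' || raw[i] == '\\') {
            if (i - start == 2 && raw[start] == '.' && raw[start + 1] == '.')
                return NAME_TRAVERSAL;
            start = i + 1;
        }
    }
    memcpy(out, raw, len);
    out[len] = '\0';
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample names, not taken from any real archive. */
    const char *names[] = { "docs/readme.txt", "../outside.txt", "/abs/path" };
    char buf[MEMBER_NAME_MAX + 1];
    size_t n;

    for (n = 0; n < sizeof names / sizeof names[0]; n++)
        printf("%-18s -> %d\n", names[n],
               (int)check_member_name(names[n], strlen(names[n]), buf, sizeof buf));
    return 0;
}
```

Over-long names are refused rather than truncated, since a truncated name could resolve to a different path than the one the archive declared.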
                

References

SRPMS

8/tainted