-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------
Arch Linux Security Warning                     ALSW 2007-#6
- ------------------------------------------------------------

Name:      unrar
Date:      2007-02-14
Severity:  Normal
Warning #: 2007-#6

- ------------------------------------------------------------

Product Background
===================
RAR and UnRAR provide command line interfaces for compressing and
decompressing RAR files.

Problem Background
===================
RAR and UnRAR contain a boundary error when processing
password-protected archives that could result in a stack-based buffer
overflow.

Impact
======
A remote attacker could entice a user to process a specially crafted
password-protected archive and execute arbitrary code with the rights
of the user uncompressing the archive.

Problem Packages
===================
- ------------------------------------------------------------------
Package   |   Repo    |   Group   |   Unsafe   |   Safe     |
- ------------------------------------------------------------------
unrar         current     system      < 3.7.3      >= 3.7.3

Package Fix
===================
Upgrade to unrar 3.7.3. I verify that it isn't a patch for 3.6.x series.
Source: http://files4.rarlab.com/rar/unrarsrc-3.7.3.tar.gz

Reference(s)
===================
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0855

Contact
===================
JJDaNiMoTh (jjdanimoth AT gmail DOT com)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF0x8pcJj0HNhER0MRApjRAJ9/wxmOG0ngSEp2P0r79tzcjefJ2gCdEjMC
5Z1ylGXTDyWhbgoNKIVZjHE=
=4hOg
-----END PGP SIGNATURE-----

_______________________________________________
arch mailing list
http://www.archlinux.org/mailman/listinfo/arch
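
Added example (not part of the original advisory): a POSIX shell check that
classifies an installed unrar package against the Unsafe/Safe bounds in the
table above. The names FIXED, ver_lt and unrar_status are hypothetical, and
treating any version that carries an epoch as safe is an assumption.

```shell
#!/bin/sh
# Classify an unrar package version against ALSW 2007-#6 (added example).
FIXED="3.7.3"   # first safe version, taken from the advisory table

# ver_lt A B: succeed if dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the leading component, or empty the string on the last one.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # Keep leading digits only; a missing component counts as 0.
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # versions are equal
}

# unrar_status VERSION: print "unsafe" or "safe" for a pacman version
# string such as "3.6.8-1" (pkgver-pkgrel).
unrar_status() {
    v=${1%-*}   # strip the -pkgrel suffix
    case $v in
        # Assumption: an epoch marks packaging newer than the 2007 builds.
        *:*) echo safe; return 0 ;;
    esac
    if ver_lt "$v" "$FIXED"; then echo unsafe; else echo safe; fi
}

# Query the local package database when pacman is available.
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q unrar 2>/dev/null | awk '{print $2}')
    if [ -n "$installed" ]; then
        echo "unrar $installed: $(unrar_status "$installed")"
    else
        echo "unrar is not installed"
    fi
fi
```

The comparison is component-wise and numeric, so 3.10.0 is correctly ranked
above 3.7.3 where a plain string comparison would not.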
