Fedora 21 Security Update: arj-3.10.22-22.fc21

Resolved Bugs
1178825 – arj: two directory traversal flaws [fedora-all]
1207181 – CVE-2015-2782 arj: free on invalid pointer due to buffer overflow [fedora-all]
1196753 – arj: buffer overflow write access initiated by a size read from a crafted archive [fedora-all]
1178824 – CVE-2015-0556 CVE-2015-0557 arj: two directory traversal flaws
1207180 – CVE-2015-2782 arj: free on invalid pointer due to buffer overflow
1196751 – arj: buffer overflow write access initiated by a size read from a crafted archive
– Added patch from Debian to avoid free on invalid pointer due to a buffer overflow (#1196751, #1207180)
– Added patch from Debian for symlink directory traversal (#1178824)
– Added patch from Debian to fix the directory traversal via //multiple/leading/slash (#1178824)
