Fedora

Fedora EPEL 5 Security Update: arj-3.10.22-22.el5

Leave a comment

Resolved Bugs
1178827 – arj: two directory traversal flaws [epel-all]
1207182 – CVE-2015-2782 arj: free on invalid pointer due to to buffer overflow [epel-all]
1196752 – arj: buffer overflow write access initiated by a size read from a crafted archive [epel-all]
1178824 – CVE-2015-0556 CVE-2015-0557 arj: two directory traversal flaws
1207180 – CVE-2015-2782 arj: free on invalid pointer due to to buffer overflow
1196751 – arj: buffer overflow write access initiated by a size read from a crafted archive<br
– Added patch from Debian to avoid free on invalid pointer due to a buffer overflow (#1196751, #1207180)
– Added patch from Debian for symlink directory traversal (#1178824)
– Added patch from Debian to fix the directory traversal via //multiple/leading/slash (#1178824)

Leave a Reply