[ MDVSA-2015:201 ] arj

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:201
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : arj
 Date    : April 10, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in arj:
 
 Jakub Wilk discovered that arj follows symlinks created during
 unpacking of an arj archive. A remote attacker could use this flaw
 to perform a directory traversal attack if a user or automated
 system were tricked into processing a specially crafted arj archive
 (CVE-2015-0556).
 
 Jakub Wilk discovered that arj does not sufficiently protect from
 directory traversal while unpacking an arj archive containing
 file paths with multiple leading slashes. A remote attacker

007 Software

Leave a Reply Cancel reply

Software and Security Information