MGASA-2015-0150

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0150.html

Import Source

https://advisories.mageia.org/MGASA-2015-0150.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0150

Related

Published

2015-04-15T09:01:28Z

Modified

2015-04-15T08:48:33Z

Summary

Updated arj packages fix security vulnerabilities

Details

Updated arj package fixes security vulnerabilities:

ARJ follows symlinks when unpacking stuff, even the symlinks that were created during the same unpack process, making it vulnerable to a directory traversal (CVE-2015-0556).

To protect from directory traversals, ARJ strips leading slash from the path when unpacking, but this protection can be easily bypassed by adding more than one leading slash to the path (CVE-2015-0557).

ARJ is vulnerable to a buffer overflow when processing a specially crafted arj file (CVE-2015-2782).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / arj

Package

Name: arj
Purl: pkg:rpm/mageia/arj?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.22-9.mga4

Ecosystem specific

{
    "section": "core"
}