MGASA-2017-0304

Source
https://advisories.mageia.org/MGASA-2017-0304.html
Import Source
https://advisories.mageia.org/MGASA-2017-0304.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0304
Related
Published
2017-08-24T21:18:23Z
Modified
2017-08-24T20:38:36Z
Summary
Updated unrar packages fix security vulnerabilities
Details

Directory traversal issue in UnRAR before 5.5.7 (CVE-2017-12938).

libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (CVE-2017-12940).

libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function (CVE-2017-12941).

libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function (CVE-2017-12942).

References
Credits

Affected packages

Mageia:6 / unrar

Package

Name
unrar
Purl
pkg:rpm/mageia/unrar?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.50-1.mga6.nonfree

Ecosystem specific

{
    "section": "nonfree"
}