[SECURITY] [DLA 188-1] arj security update
Package        : arj
Version        : 3.10.22-9+deb6u1
CVE ID         : CVE-2015-0556 CVE-2015-0557 CVE-2015-2782
Debian Bug     : 774015 774434 774435

Multiple vulnerabilities have been discovered in arj, an open source
version of the arj archiver. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2015-0556

    Jakub Wilk discovered that arj follows symlinks created during
    unpacking of an arj archive. A remote attacker could use this flaw
    to perform a directory traversal attack if a user or automated
    system were tricked into processing a specially crafted arj archive.

CVE-2015-0557

    Jakub Wilk discovered that arj does not sufficiently protect from
    directory traversal while unpacking an arj archive containing file
    paths with multiple leading slashes. A remote attacker could use
    this flaw to write to arbitrary files if a user or automated system
    were tricked into processing a specially crafted arj archive.

CVE-2015-2782

    Jakub Wilk and Guillem Jover discovered a buffer overflow
    vulnerability in arj. A remote attacker could use this flaw to cause
    an application crash or, possibly, execute arbitrary code with the
    privileges of the user running arj.
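
The two path-handling problems above (CVE-2015-0556 and CVE-2015-0557) can be screened for by auditing an archive listing before anything is extracted. The C code below is an added example, not arj's code or the Debian patch; the `struct member` listing model, the function names and the size limits are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

enum { MAX_LINKS = 64, MAX_NAME = 256 };  /* bounds chosen for this example */
/* Archive member as a listing reports it (hypothetical model, not arj's format). */
struct member { const char *name; int is_symlink; };
/* Constructed listing: member 1 would be written through the symlink "out". */
static const struct member sample[] = {
    { "out", 1 }, { "out/data/file.txt", 0 }, { "readme.txt", 0 },
};

/* Canonical relative form of name: every leading '/' dropped, empty and "."
   components removed. Returns -1 if empty, too long, or it contains "..". */
int normalize_member(const char *name, char *out, size_t cap)
{
    size_t o = 0;
    while (*name) {
        size_t len = strcspn(name, "/");
        if (len == 2 && name[0] == '.' && name[1] == '.') return -1;
        if (len > 0 && !(len == 1 && name[0] == '.')) {
            if (o + len + 2 > cap) return -1;
            if (o) out[o++] = '/';
            memcpy(out + o, name, len);
            o += len;
        }
        name += len;
        while (*name == '/') name++;   /* collapses "/", "//", "///" */
    }
    if (o) out[o] = '\0';
    return o ? 0 : -1;
}

/* Index of the first member to refuse, or -1. Refused: a bad name, or a path
   that is, or lies below, a symlink created by an earlier member. */
int first_unsafe(const struct member *m, size_t n)
{
    char links[MAX_LINKS][MAX_NAME], cur[MAX_NAME];
    size_t nlinks = 0;
    for (size_t i = 0; i < n; i++) {
        if (normalize_member(m[i].name, cur, sizeof cur) != 0) return (int)i;
        for (size_t k = 0; k < nlinks; k++) {
            size_t l = strlen(links[k]);
            if (!strncmp(cur, links[k], l) && (cur[l] == '/' || cur[l] == '\0'))
                return (int)i;
        }
        if (m[i].is_symlink && nlinks == MAX_LINKS) return (int)i;
        if (m[i].is_symlink) strcpy(links[nlinks++], cur);
    }
    return -1;
}
```

The audit only tracks symlinks that the archive itself would create, so it assumes extraction into a directory that contains no pre-existing symlinks.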