
[SECURITY] [DLA 1014-1] libclamunrar security update




Package        : libclamunrar
Version        : 0.99-0+deb7u2
CVE ID         : CVE-2017-7520
Debian Bug     : #867223

It was discovered that there was an arbitrary code execution vulnerability in
libclamunrar, a library to add unrar support to the Clam anti-virus software.

This was caused by an integer overflow resulting in a negative value of the
``DestPos`` variable, which allows the attacker to write out of bounds when
setting ``Mem[DestPos]``.
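
The bug class described above, as an added example that is not code from libclamunrar or unrar: a signed index built from two untrusted 32-bit values goes negative and passes an upper-bound-only check, while the hardened form bounds each operand first. Only ``Mem`` and ``DestPos`` come from the advisory; ``MEM_SIZE``, the function names and the input values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define MEM_SIZE 0x40000u            /* hypothetical size, not from the advisory */
static uint8_t Mem[MEM_SIZE];        /* stand-in for the decoder's buffer */

/* Unsafe pattern: two untrusted 32-bit values are summed into a signed index.
 * The add is done unsigned so the wrap is well defined in this demo; the
 * conversion to int32_t turns results above INT32_MAX into negative numbers
 * on the usual two's-complement compilers. */
static int32_t naive_dest_pos(uint32_t data_size, uint32_t offset)
{
    return (int32_t)(data_size + offset);
}

/* Upper-bound-only test: a negative DestPos passes it. */
static bool naive_in_bounds(int32_t DestPos)
{
    return DestPos < (int32_t)MEM_SIZE;
}

/* Hardened: bound each operand against MEM_SIZE before adding, so the sum
 * cannot wrap, and keep the index unsigned (size_t). */
static bool checked_dest_pos(uint32_t data_size, uint32_t offset, size_t *DestPos)
{
    if (data_size >= MEM_SIZE || offset >= MEM_SIZE - data_size)
        return false;
    *DestPos = (size_t)data_size + offset;
    return true;
}

/* Write only when the index is proven to lie inside Mem. */
static bool safe_store(uint32_t data_size, uint32_t offset, uint8_t value)
{
    size_t DestPos;
    if (!checked_dest_pos(data_size, offset, &DestPos))
        return false;
    Mem[DestPos] = value;
    return true;
}

int main(void)
{
    uint32_t size = 0x7FFFFFF0u, off = 0x20u;   /* constructed hostile input */
    int32_t bad = naive_dest_pos(size, off);
    printf("naive DestPos=%d passes upper-bound check: %d\n", (int)bad, naive_in_bounds(bad));
    printf("hardened store accepted: %d\n", safe_store(size, off, 0xAA));
    return 0;
}
```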

For Debian 7 "Wheezy", this issue has been fixed in libclamunrar version
0.99-0+deb7u2.

We recommend that you upgrade your libclamunrar packages.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
