1. Topic: Updated sharutils packages that fix several security issues are now available.
The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
3. Problem description: Ulf Harnhammar discovered a buffer overflow in shar.c,
where the length of data returned by the wc command is not checked.
Florian Schilhabel discovered another buffer overflow in unshar.c. Shaun Colley discovered a stack-based
buffer overflow vulnerability in the -o command-line option handler.
An attacker could exploit these vulnerabilities to execute arbitrary code as the user running one of the sharutils programs.
All users of sharutils should upgrade to these packages, which resolve these issues.
Red Hat Linux 7.3: SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sharutils-4.2.1-12.7.x.legacy.src.rpm i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sharutils-4.2.1-12.7.x.legacy.i386.rpm
Red Hat Linux 9:
SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sharutils-4.2.1-16.9.1.legacy.src.rpm i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/sharutils-4.2.1-16.9.1.legacy.i386.rpm
Fedora Core 1: SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/sharutils-4.2.1-17.2.legacy.src.rpm i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/sharutils-4.2.1-17.2.legacy.i386.rpm
http://www.securityfocus.com/advisories/7268
project details at http://www.fedoralegacy.org
관련 링크: http://www.fedoralegacy.org
The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
3. Problem description: Ulf Harnhammar discovered a buffer overflow in shar.c,
where the length of data returned by the wc command is not checked.
Florian Schilhabel discovered another buffer overflow in unshar.c. Shaun Colley discovered a stack-based
buffer overflow vulnerability in the -o command-line option handler.
An attacker could exploit these vulnerabilities to execute arbitrary code as the user running one of the sharutils programs.
All users of sharutils should upgrade to these packages, which resolve these issues.
Red Hat Linux 7.3: SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sharutils-4.2.1-12.7.x.legacy.src.rpm i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sharutils-4.2.1-12.7.x.legacy.i386.rpm
Red Hat Linux 9:
SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sharutils-4.2.1-16.9.1.legacy.src.rpm i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/sharutils-4.2.1-16.9.1.legacy.i386.rpm
Fedora Core 1: SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/sharutils-4.2.1-17.2.legacy.src.rpm i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/sharutils-4.2.1-17.2.legacy.i386.rpm
http://www.securityfocus.com/advisories/7268
project details at http://www.fedoralegacy.org
관련 링크: http://www.fedoralegacy.org
'Security' 카테고리의 다른 글
util-linux and mount packages fix security issue (0) | 2006.01.12 |
---|---|
php security update (1) | 2005.07.13 |
zip & unarj security issue, (0) | 2005.02.03 |
KorWeblog 1.6.2 directory traversal vulnerability (0) | 2004.12.01 |
Possible Buffer Overrun in smbd (0) | 2004.12.01 |