Ulf Härnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. CAN-2004-0234. An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. CAN-2004-0235. This issue is embargoed until April 29th 2004. CAN-2004-0234/5 Affects: 3AS 3ES 3WS CAN-2004-0234/5 Affects: 2.1AS 2.1AW 2.1ES 2.1WS (1.00 of lha, not yet investigated)
removing embargo
Mark, why don't you propagate these bugs to Fedora Core as well? I've been mentioning this before, obviously without result. If you are not responsible for Fedora Core security, then who is?
Yes; I opened about 10 security bugs into FC1 and FC2 earlier today for tracking and updated our process document so we do so in the future. I didn't open one for lha since 1.14i-12.1 was built into 10-updates-candidate on May05 and will be available very soon.
Not opening a bug report because an update will be available soon is not very transparent. Had I seen one I wouldn't have opened bug 123019...
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-178.html