Red Hat Bugzilla – Bug 121417
CAN-2004-0234/0235 lha security flaws
Last modified: 2007-11-30 17:07:01 EST
Ulf HÃ¤rnhammar discovered two stack buffer overflows and two directory
traversal flaws in LHA. An attacker could exploit the buffer
overflows by creating a carefully crafted LHA archive in such a way
that arbitrary code would be executed when the archive is tested or
extracted by a victim. CAN-2004-0234. An attacker could exploit the
directory traversal issues to create files as the victim outside of
the expected directory. CAN-2004-0235.
This issue is embargoed until April 29th 2004.
CAN-2004-0234/5 Affects: 3AS 3ES 3WS
CAN-2004-0234/5 Affects: 2.1AS 2.1AW 2.1ES 2.1WS (1.00 of lha, not yet
Mark, why don't you propagate these bugs to Fedora Core as well? I've
been mentioning this before, obviously without result.
If you are not responsible for Fedora Core security, then who is?
Yes; I opened about 10 security bugs into FC1 and FC2 earlier today
for tracking and updated our process document so we do so in the
future. I didn't open one for lha since 1.14i-12.1 was built into
10-updates-candidate on May05 and will be available very soon.
Not opening a bug report because an update will be available soon is
not very transparent. Had I seen one I wouldn't have opened bug 123019...
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.