Red Hat Bugzilla – Bug 123019
CAN-2004-0234/0235 lha security flaws
Last modified: 2007-11-30 17:10:42 EST
Ulf HÃ¤rnhammar discovered two stack buffer overflows and two directory
traversal flaws in LHA. An attacker could exploit the buffer
overflows by creating a carefully crafted LHA archive in such a way
that arbitrary code would be executed when the archive is tested or
extracted by a victim. CAN-2004-0234. An attacker could exploit the
directory traversal issues to create files as the victim outside of
the expected directory. CAN-2004-0235.
These issues seem to be fixed in FC2t3. You can probably just rebuild
lha-1.14i-14 from FC2 for FC1.
lha.1.14i-12.1 was built into 10-updates-candidate on May05 and will
be available very soon.