Red Hat Bugzilla – Bug 247599
CVE-2007-3375 lhaca issue might affect lha packages
Last modified: 2007-07-10 09:36:30 EDT
CERT notified us of a flaw in Lhaca LHA Extended Header handling, but on closer
look at the advisory this looks really similar to the code in header.c in lharc
as distributed in older RHEL releases.
We need to look through the lharc code for older RHEL to make sure it is not
vulnerable to this issue.
Marking this bug as private for now, as it isn't public that this might affect
This is fixed in Red Hat packages by lha-114i-sec.patch.
Investigation showed that this was in fact the issue from 2004:
So LHACA appeared to be vulnerable to this issue due to shared codebase.