blob: 77a96bc31442d8bcfcfd748677fade341a33dc78 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>Multiple vulnerabilities have been discovered in arj, an open source
version of the arj archiver. The Common Vulnerabilities and Exposures
project identifies the following problems:</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0556">CVE-2015-0556</a>
<p>Jakub Wilk discovered that arj follows symlinks created during
unpacking of an arj archive. A remote attacker could use this flaw
to perform a directory traversal attack if a user or automated
system were tricked into processing a specially crafted arj archive.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-0557">CVE-2015-0557</a>
<p>Jakub Wilk discovered that arj does not sufficiently protect from
directory traversal while unpacking an arj archive containing file
paths with multiple leading slashes. A remote attacker could use
this flaw to write to arbitrary files if a user or automated system
were tricked into processing a specially crafted arj archive.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2015-2782">CVE-2015-2782</a>
<p>Jakub Wilk and Guillem Jover discovered a buffer overflow
vulnerability in arj. A remote attacker could use this flaw to cause
an application crash or, possibly, execute arbitrary code with the
privileges of the user running arj.</p></li>
</ul>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2015/dla-188.data"
# $Id$
|