Summary: | app-arch/lha: multiple vulnerabilities
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Matthias Geerdsen (RETIRED) <vorlon>
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
Priority: | High
CC: | usata
Version: | unspecified
Hardware: | All
OS: | All
URL: | http://rhn.redhat.com/errata/RHSA-2004-323.html
Whiteboard: | B2 [glsa]
Package list: |
Runtime testing required: | ---

Description
Matthias Geerdsen (RETIRED)
2004-09-02 06:06:14 UTC
Forgot this section of the RH adv:

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0771
http://marc.theaimsgroup.com/?l=bugtraq&m=108668791510153
http://lw.ftw.zamosc.pl/lha-exploit.txt

ok... didn't notice it was an errata by RedHat and it seems to have been dealt with quite a while ago

*** This bug has been marked as a duplicate of 51285 ***

It doesn't appear to be a total duplicate. There are new OSVDB entries and the CAN numbers look kinda new. And Red Hat is patching quite a bit more than the ebuild does at the moment, if I am not mistaken again.

Created attachment 38971
Red Hat patch 4

Attaching RH patches in reverse order, newest first.

Created attachment 38972
RH patch 3

Created attachment 38973
RH patch 2

Created attachment 38975
RH patch

RH Patch1: lha-114i-sec.patch
not attached, because it's identical to Gentoo's lha-114i.diff

usata, you fixed it last time, could you have a look? We may have patched only part of the issues.

Yes, it looks like another vulnerability. I added the patches to lha and released it as lha-114i-r4. Also I added =app-arch/lha-114i-r2 and =app-arch/lha-114i-r3 to p.mask.

Thanks usata, this is ready for yet another GLSA...

GLSA 200409-13