Summary: | app-arch/{un,}rar- remotely exploitable stack based buffer overflow (CVE-2007-0855) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Carsten Lohrke (RETIRED) <carlo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bernd, chainsaw, gentoo |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa] Falco | ||
Description
Carsten Lohrke (RETIRED)
2007-02-11 23:40:05 UTC
Thanks Carsten, this vuln went out of my scope :(
base-system, could you bump unrar version 3.7.0 please? thanks

rar-3.7.0_beta1 and unrar-3.7.3 now in portage

Thanks vapier for the very quick bump, and for unrar too.
hi arches, please test and mark stable :
rar-3.7.0_beta1 for AMD64 and X86
unrar-3.7.3 for all arches

Stable for HPPA.

sparc stable.

both rar and unrar x86 stable

both stable on amd64

ppc stable

ppc64 stable

this may be the wrong place to report, but i think there is a dependency to glibc 2.4 missing
/lib/libc.so.6: version `GLIBC_2.4' not found (required by /opt/bin/rar)
i can only use sys-libs/glibc-2.3.6-r5
Portage 2.1.2-r9 (selinux/2005.1/x86/hardened, gcc-3.4.6, glibc-2.3.6-r5, 2.6.18-hardened i686)

alpha done

GLSA 200702-04, thanks to everybody.
ARM, IA64, S390, don't forget to mark stable.

arm/ia64/s390 done