Summary: | <app-arch/unrar-5.5.5-r1: VMSF_DELTA filter in unrar allows arbitrary memory write (CVE-2012-6706) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, sudormrfhalt, whissi |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&can=1&q=unrar&desc=6 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=622382 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | app-arch/unrar-5.5.5-r1 | ||
Runtime testing required: | --- |
Bug Depends on: | 628182 | ||
Bug Blocks: | 622380 |
Description
Hanno Böck
2017-06-20 19:06:43 UTC
Now in repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dabe9845e2f4b38d214b8cc1e27f0a43680eb39c

UnRAR v5.5.5 is RAR 5.50 beta 4 so app-arch/rar is probably affected as well.

@ Arches, please test and mark stable: =app-arch/unrar-5.5.5

amd64 stable

x86 stable.

Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Repository is now clean (https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f84896cce4b495bcf147fd493e815d5106f7aa76).

New GLSA request filed.

Oops, we need more than just amd64/x86 -- mixed with app-arch/rar. @ Arches, please test and mark stable: =app-arch/unrar-5.5.5

Package was rev bumped to downgrade EAPI back to EAPI=5. So please continue with =app-arch/unrar-5.5.5-r1.

Stable on alpha.

ia64 stable

arm stable

sparc stable

ppc stable

ppc64 stable

Arches or maintainers please stabilize for hppa ASAP. Security will release GLSA for this in 7 days with or without hppa arch being stable.

Superseded by bug 628182.

This issue was resolved and addressed in GLSA 201708-05 at https://security.gentoo.org/glsa/201708-05 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening because hppa wasn't done yet.

This issue was resolved and addressed in GLSA 201709-24 at https://security.gentoo.org/glsa/201709-24 by GLSA coordinator Aaron Bauman (b-man).