Secunia Advisory at http://secunia.com/advisories/12435/
An updated lha package fixes security vulnerability
Last updated on: 2004-09-01
An updated lha package that fixes a buffer overflow is now available.
LHA is an archiving and compression utility for LHarc format archives.

Lukasz Wojtow discovered a stack-based buffer overflow in all versions
of lha up to and including version 1.14. A carefully created archive could
allow an attacker to execute arbitrary code when a victim extracts or tests
the archive. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0769 to this issue.

Buffer overflows were discovered in the command line processing of all
versions of lha up to and including version 1.14. If a malicious user
could trick a victim into passing a specially crafted command line to the
lha command, it is possible that arbitrary code could be executed. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2004-0771 and CAN-2004-0694 to these issues.

Thomas Biege discovered a shell meta character command execution
vulnerability in all versions of lha up to and including 1.14. An attacker
could create a directory with shell meta characters in its name which could
lead to arbitrary command execution. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0745 to

Users of lha should update to this updated package which contains
backported patches and is not vulnerable to these issues.
Forgot this section of the RH adv:
ok... didn't notice it was an errata by RedHat and it seems to have been dealt with quite a while ago
*** This bug has been marked as a duplicate of 51285 ***
It doesn't appear to be a total duplicate. There are new OSVDB entries and the CAN numbers look kinda new. And Red Hat is patching quite a bit more than the ebuild does at the moment, if I am not mistaken again.
Created attachment 38971
Red Hat patch 4
Attaching RH patches in reverse order, newest first.
Created attachment 38972
RH patch 3
Created attachment 38973
RH patch 2
Created attachment 38975
RH Patch1: lha-114i-sec.patch
not attached, because it's identical to Gentoo's lha-114i.diff
usata, you fixed it last time, could you have a look?
We may have patched only part of the issues.
Yes, it looks like another vulnerability. I added the patches to lha and released it as lha-114i-r4.
Also I added =app-arch/lha-114i-r2 and =app-arch/lha-114i-r3 to p.mask.
Thanks usata, this is ready for yet another GLSA...