[Buildroot] [PATCH] unrar: security bump to version 5.5.8
Peter Korsgaard
peter at korsgaard.com
Mon Oct 16 21:51:37 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
>
> CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
> directory-traversal protection mechanism via vectors involving a symlink to
> the . directory, a symlink to the .. directory, and a regular file.
>
> CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
> in the EncodeFileName::Decode call within the Archive::ReadHeader15
> function.
>
> CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
> in the Unpack::Unpack20 function.
>
> CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
> the Unpack::LongLZ function.
>
> For more details, see
> http://www.openwall.com/lists/oss-security/2017/08/14/3
>
> While we're at it, add a hash for the license file.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.08.x, thanks.
--
Bye, Peter Korsgaard