[SECURITY] [DLA 1014-1] libclamunrar security update
Package : libclamunrar
Version : 0.99-0+deb7u2
CVE ID : CVE-2017-7520
Debian Bug : #867223

It was discovered that there was an arbitrary code execution vulnerability in
libclamunrar, a library to add unrar support to the Clam anti-virus software.

This was caused by an integer overflow resulting in a negative value of the
``DestPos`` variable, which allows the attacker to write out of bounds when
setting ``Mem[DestPos]``.

For Debian 7 "Wheezy", this issue has been fixed in libclamunrar version
0.99-0+deb7u2.

We recommend that you upgrade your libclamunrar packages.

Regards,

--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
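
The bug class described in the advisory above, as an added illustration that is not part of the advisory and is not libclamunrar's code. Only the names DestPos and Mem come from the advisory; the operands, the buffer size and the function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 0x40000u            /* assumed working-buffer size */
static uint8_t Mem[MEM_SIZE];

/* Flawed index computation (hypothetical): two untrusted 32-bit operands are
 * added, the sum wraps, and the result is then treated as a signed index. */
static int32_t compute_dest_pos(uint32_t base, uint32_t offset)
{
    uint32_t sum = base + offset;    /* unsigned wraparound is well defined */
    int32_t pos;
    memcpy(&pos, &sum, sizeof pos);  /* reinterpret the bits as signed */
    return pos;
}

/* Weak guard: tests only the upper bound, so a negative DestPos passes and
 * Mem[DestPos] would land before the start of the buffer. */
static int weak_guard_accepts(int32_t dest_pos)
{
    return dest_pos < (int32_t)MEM_SIZE;
}

/* Hardened store: do the arithmetic in a wider unsigned type so it cannot
 * wrap, and range-check before touching memory. Returns 0 on success. */
static int checked_store(uint32_t base, uint32_t offset, uint8_t value)
{
    uint64_t dest_pos = (uint64_t)base + offset;
    if (dest_pos >= MEM_SIZE)
        return -1;                   /* reject instead of writing out of bounds */
    Mem[dest_pos] = value;
    return 0;
}

int main(void)
{
    /* Constructed operands whose sum exceeds INT32_MAX. */
    uint32_t base = 0x7fffff00u, offset = 0x200u;
    int32_t dest_pos = compute_dest_pos(base, offset);

    printf("DestPos = %d\n", (int)dest_pos);
    printf("weak guard accepts: %d\n", weak_guard_accepts(dest_pos));
    printf("checked_store:      %d\n", checked_store(base, offset, 0x41));
    printf("in-range store:     %d\n", checked_store(0x100u, 0x20u, 0x41));
    return 0;
}
```

The weak guard never performs the write here; it only reports that a negative index would have been accepted.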