
[SECURITY] [DLA 2567-1] unrar-free security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2567-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
February 18, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : unrar-free
Version        : 1:0.0.1+cvs20140707-1+deb9u1
CVE ID         : CVE-2017-14120 CVE-2017-14121 CVE-2017-14122

Several issues have been found in unrar-free, an unarchiver for .rar files.

CVE-2017-14120

    This CVE is related to a directory traversal vulnerability for
    RAR v2 archives.

CVE-2017-14121

    This CVE is related to a NULL pointer dereference flaw triggered
    by a specially crafted RAR archive.

CVE-2017-14122

    This CVE is related to a stack-based buffer over-read.


For Debian 9 stretch, these problems have been fixed in version
1:0.0.1+cvs20140707-1+deb9u1.

We recommend that you upgrade your unrar-free packages.

For the detailed security status of unrar-free please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unrar-free

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

