[Cucumber-linux-security] unrar (security update is available)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
[Cucumber-linux-security] unrar (security update is available)
|
From: Z5T1 <z5...@z5...> - 2017-08-18 15:51:28
|
Update Information A security update is available for unrar for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Aug 18 11:17:22 EDT 2017 apps-general/unrar upgraded from 5.5.6 to 5.5.8 to fix CVE-2017-12938, a vulnerability which allowed a specially crafted rar file to bypass directory traversal protection when extracted. Exploitation of this vulnerability could result in overwriting arbitrary files that are writable by the user extracting the rar file. This also patches some out of bounds read and buffer overflow vulnerabilities. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12938 http://seclists.org/oss-sec/2017/q3/290 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure unrar is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/apps-general/unrar-5.5.8-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/apps-general/unrar-5.5.8-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg unrar-5.5.8-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
