---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2155
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2155
2005-02-09
---------------------------------------------------------------------
Name        : sharutils
7.3 Version : sharutils-4.2.1-12.7.x.legacy
9 Version   : sharutils-4.2.1-16.9.1.legacy
fc1 Version : sharutils-4.2.1-17.2.legacy
Summary     : The GNU shar utilities for managing shell archives.
Description :
The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files (in binary or text format) in a special plain text format called shell archives (shar). This format can be sent through email (which can be problematic for regular binary files). The shar utility supports a wide range of capabilities (compressing, uuencoding, splitting long files for multi-part mailings, providing checksums), which make it very flexible. After the files have been sent, the unshar tool scans mail messages looking for shar files. Unshar automatically strips off mail headers and introductory text and then unpacks the shar files.
---------------------------------------------------------------------
Update Information:
Updated packages for sharutils which fix security vulnerabilities are now available.
The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format.
Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow in unshar.c. Shaun Colley discovered a stack-based buffer overflow vulnerability in the -o command-line option handler. An attacker could exploit these vulnerabilities to execute arbitrary code as the user running one of the sharutils programs.
All users of sharutils should upgrade to these packages, which resolve these issues.
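An added illustration of the bug class described above, not code from sharutils or its patches: bounded handling of an -o style argument and of a count read from a helper command's output. The function names, buffer sizes and sample input are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy an -o style argument into a fixed buffer, rejecting anything that
   does not fit. The unsafe form is strcpy(dst, arg) with no length check. */
int set_output_prefix(char *dst, size_t dstsz, const char *arg)
{
    size_t n = strlen(arg);
    if (n >= dstsz)
        return -1; /* too long: refuse rather than overflow or truncate */
    memcpy(dst, arg, n + 1);
    return 0;
}

/* Read a count from a helper command's output stream (e.g. a pipe on wc -c).
   fgets() writes at most sizeof field bytes; a bare "%s" does not stop. */
int read_count(FILE *fp, long *count)
{
    char field[16], *end; /* 16 is an assumed buffer size */
    if (fgets(field, sizeof field, fp) == NULL)
        return -1; /* no output */
    if (strchr(field, '\n') == NULL && !feof(fp))
        return -1; /* line longer than the buffer: reject it */
    errno = 0;
    long v = strtol(field, &end, 10);
    if (end == field || errno == ERANGE || v < 0)
        return -1; /* not a usable non-negative number */
    *count = v;
    return 0;
}

/* Constructed input: a temporary stream standing in for the helper's pipe. */
FILE *stream_from(const char *text)
{
    FILE *fp = tmpfile();
    if (fp != NULL) { fputs(text, fp); rewind(fp); }
    return fp;
}

int main(void)
{
    char prefix[32]; /* assumed size */
    long n = 0;
    FILE *fp = stream_from("1024\n");
    int a = set_output_prefix(prefix, sizeof prefix, "part");
    int b = fp ? read_count(fp, &n) : -1;
    printf("prefix rc=%d, count rc=%d, n=%ld\n", a, b, n);
    return 0;
}
```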
---------------------------------------------------------------------
Changelogs:
* Tue Oct 19 2004 Simon Weller <simon potelweller com> 4.2.1-11.7.x.legacy
- Added missed patch for Buffer overflow in handling of -o option
- Reference: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123230

* Mon Oct 18 2004 Simon Weller <simon potelweller com> 4.2.1-10.7.x.legacy
- Added patch for shar.c buffer overflow
- Added patch for unshar.c buffer overflow
- Reference: http://www.securityfocus.com/advisories/7268

* Tue Oct 19 2004 Simon Weller <simon potelweller com> 4.2.1-16.9.legacy
- Added missed patch for Buffer overflow in handling of -o option
- Reference: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123230

* Mon Oct 18 2004 Simon Weller <simon potelweller com> 4.2.1-15.9.legacy
- Added patch for shar.c buffer overflow
- Added patch for unshar.c buffer overflow
- Reference: http://www.securityfocus.com/advisories/7268

* Thu Oct 21 2004 Rob Myers <rob myers gtri gatech edu> 4.2.1-17.1.legacy
- add patches for multiple buffer overflows (FL #2155)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)