MDKSA-2007:117
- Package name
- lha
- Date
- 2007-06-05
- Advisory ID
- MDKSA-2007:117
- Affected versions
- CS4.0 x86_64 , 2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2007.1 x86_64
Problem description
lharc.c in lha does not securely create temporary files, which might
allow local users to read or write files by creating a file before
LHA is invoked.
Updated packages have been patched to prevent this issue.
Updated packages
CS4.0 x86_64
a8835efff6d4124ede93111512f04685 corporate/4.0/x86_64/lha-1.14i-11.1.20060mlcs4.x86_64.rpm c1448318b2a31a5b6654a12113ef7d70 corporate/4.0/SRPMS/lha-1.14i-11.1.20060mlcs4.src.rpm
2007.0 x86_64
8b9b38a7af95e1c9b2736fad57072055 2007.0/x86_64/lha-1.14i-12.1mdv2007.0.x86_64.rpm e59b67dcbf26ce47367ad72392c02703 2007.0/SRPMS/lha-1.14i-12.1mdv2007.0.src.rpm
2007.1 i586
2939b2af40f5d40ac7825ae8574b578e 2007.1/i586/lha-1.14i-12.1mdv2007.1.i586.rpm fcf1366bdb3b01a0380f2f69a264f5dc 2007.1/SRPMS/lha-1.14i-12.1mdv2007.1.src.rpm
2007.0 i586
1a86c72a37b9b75f20a1846afe078b7c 2007.0/i586/lha-1.14i-12.1mdv2007.0.i586.rpm e59b67dcbf26ce47367ad72392c02703 2007.0/SRPMS/lha-1.14i-12.1mdv2007.0.src.rpm
CS3.0 x86_64
449a040f7019656ef825527791a40255 corporate/3.0/x86_64/lha-1.14i-11.1.C30mdk.x86_64.rpm e7a018aec6d42cf0c5dc04e05fd60d02 corporate/3.0/SRPMS/lha-1.14i-11.1.C30mdk.src.rpm
CS4.0 i586
d1dc05e42fed62f99cfcc17760b345f0 corporate/4.0/i586/lha-1.14i-11.1.20060mlcs4.i586.rpm c1448318b2a31a5b6654a12113ef7d70 corporate/4.0/SRPMS/lha-1.14i-11.1.20060mlcs4.src.rpm
CS3.0 i586
751fdee1c1570cf7ca69e5615d54256a corporate/3.0/i586/lha-1.14i-11.1.C30mdk.i586.rpm e7a018aec6d42cf0c5dc04e05fd60d02 corporate/3.0/SRPMS/lha-1.14i-11.1.C30mdk.src.rpm
2007.1 x86_64
e74b2ff470799f29d4f4ab4abd98cf2e 2007.1/x86_64/lha-1.14i-12.1mdv2007.1.x86_64.rpm fcf1366bdb3b01a0380f2f69a264f5dc 2007.1/SRPMS/lha-1.14i-12.1mdv2007.1.src.rpm