Slackware Advisory SSA:2004-125-01 Lha Update In Bin Package Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2004-125-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-125-01

Insight

New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235

Severity

Classification

CVE CVE-2004-0234, CVE-2004-0235
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Slackware Advisory SSA:2003-213-01 KDE packages updated
Slackware Advisory SSA:2005-242-01 PCRE library
Slackware Advisory SSA:2005-210-01 telnet client
Slackware Advisory SSA:2004-161-01 cvs
Slackware Advisory SSA:2004-223-01 Mozilla

Slackware Advisory SSA:2004-125-01 lha update in bin package

Take action and discover your vulnerabilities