Mandriva Linux Security Advisory : arj (MDVSA-2015:201)
High Nessus Plugin ID 82736
Synopsis
The remote Mandriva Linux host is missing a security update.
Description
Multiple vulnerabilities have been found and corrected in arj:
Jakub Wilk discovered that arj follows symlinks created during unpacking of an arj archive. A remote attacker could use this flaw to perform a directory traversal attack if a user or automated system were tricked into processing a specially crafted arj archive (CVE-2015-0556).
Jakub Wilk discovered that arj does not sufficiently protect from directory traversal while unpacking an arj archive containing file paths with multiple leading slashes. A remote attacker could use this flaw to write to arbitrary files if a user or automated system were tricked into processing a specially crafted arj archive (CVE-2015-0557).
Jakub Wilk and Guillem Jover discovered a buffer overflow vulnerability in arj. A remote attacker could use this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the user running arj (CVE-2015-2782).
The updated packages provide a solution for these security issues.
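The two path-handling issues above (CVE-2015-0556 and CVE-2015-0557) both concern where an extractor lets an archive member name resolve on disk. The following Python check is an added example, not code from arj or from this advisory; `safe_destination`, `UnsafeMemberPath` and the member names used in `demo` are hypothetical and constructed for illustration.

```python
import os
import tempfile


class UnsafeMemberPath(ValueError):
    """Raised when an archive member must not be extracted."""


def safe_destination(root, member_name):
    """Map an archive member name to a path inside root, or raise."""
    # Remove every leading slash, not just the first one, so that
    # "//etc/passwd" becomes the relative path "etc/passwd".
    relative = member_name.lstrip("/")
    parts = [p for p in relative.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise UnsafeMemberPath(member_name)

    # Walk the path one component at a time and refuse to pass through
    # (or overwrite) a symlink, including one left by an earlier member.
    current = os.path.realpath(root)
    for part in parts:
        current = os.path.join(current, part)
        if os.path.islink(current):
            raise UnsafeMemberPath(member_name)
    return current


def demo():
    """Run the check over constructed member names in a scratch directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.realpath(root)
        # Constructed state: an earlier member left a symlink pointing outside.
        os.symlink("/tmp", os.path.join(base, "link"))
        names = ["docs/readme.txt", "//etc/passwd", "../escape", "link/payload"]
        for name in names:
            try:
                dest = safe_destination(base, name)
                results[name] = os.path.relpath(dest, base)
            except UnsafeMemberPath:
                results[name] = None
    return results


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name!r:20} -> {dest or 'REJECTED'}")
```

The check and the later write are separate steps, so an extractor that must also cope with concurrent changes to the target directory should open each path component with `O_NOFOLLOW` relative to a directory file descriptor.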
Solution
Update the affected arj package.