Slackware Advisory SSA:2004-125-01 Lha Update In Bin Package Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2004-125-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-125-01

Insight

New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lha' should upgrade to the new bin package right away. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235

Severity

Classification

CVE CVE-2004-0234, CVE-2004-0235

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Slackware Advisory SSA:2004-305-01 apache+mod_ssl
Slackware Advisory SSA:2006-340-01 gnupg
Slackware Advisory SSA:2004-133-01 apache
Slackware Advisory SSA:2006-272-02 openssh
Slackware Advisory SSA:2005-251-02 mod_ssl

Slackware Advisory SSA:2004-125-01 lha update in bin package

Take action and discover your vulnerabilities