GLSA Advocate
Posted: Fri Sep 28, 2012 1:26 am Post subject: [ GLSA 201209-21 ] fastjar: Directory traversal
Gentoo Linux Security Advisory
Title: fastjar: Directory traversal (GLSA 201209-21)
Severity: normal
Exploitable: remote
Date: September 28, 2012
Bug(s): #325557
ID: 201209-21
Synopsis
Two directory traversal vulnerabilities have been found in fastjar,
allowing remote attackers to create or overwrite arbitrary files.
Background
fastjar is a Java archiver written in C.
Affected Packages
Package: app-arch/fastjar
Vulnerable: < 0.98-r1
Unaffected: >= 0.98-r1
Architectures: All supported architectures
Description
Two directory traversal vulnerabilities have been discovered in fastjar.
Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to open a specially crafted JAR
file, possibly resulting in the creation or truncation of arbitrary
files.
Workaround
There is no known workaround at this time.
Resolution
All fastjar users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/fastjar-0.98-r1"
References
CVE-2010-0831
CVE-2010-2322
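The impact described above depends on archive entry names that resolve outside the directory being extracted into. The following is an added example, not part of the advisory and not fastjar's code: a Python check that audits a JAR's entry names before extraction. The function names and the in-memory sample archive are constructed for illustration, and the rules cover the general class of traversal names rather than the specifics of the referenced CVEs.

```python
import io
import zipfile


def unsafe_reason(name):
    """Return why an entry name could escape the extraction dir, or None."""
    norm = name.replace("\\", "/")  # treat backslashes as separators too
    if norm.startswith("/"):
        return "absolute path"
    if len(norm) > 1 and norm[1] == ":":
        return "drive-letter path"
    if ".." in norm.split("/"):
        return "parent-directory component"
    return None


def audit_jar(fileobj):
    """List (entry name, reason) for every entry that should not be extracted."""
    findings = []
    with zipfile.ZipFile(fileobj) as jar:
        for info in jar.infolist():
            reason = unsafe_reason(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_jar():
    """Constructed in-memory sample: two ordinary entries, two suspicious names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
        jar.writestr("docs/../../outside.txt", "x")
        jar.writestr("/tmp/absolute.txt", "x")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Nothing is extracted; names are only read from the central directory.
    for name, reason in audit_jar(build_sample_jar()):
        print(f"REFUSE {name!r}: {reason}")
```

The check inspects entry names only; symbolic links stored in an archive are outside its scope.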