sharutils contains two buffer overflow vulnerabilities that could lead to arbitrary code execution.
|Package||app-arch/sharutils on all architectures|
|Affected versions||<= 4.2.1-r9|
|Unaffected versions||>= 4.2.1-r10|
sharutils contains utilities to manage shell archives.
sharutils contains two buffer overflows. Ulf Harnhammar discovered a buffer overflow in shar.c, where the length of data returned by the wc command is not checked. Florian Schilhabel discovered another buffer overflow in unshar.c.
An attacker could exploit these vulnerabilities to execute arbitrary code as the user running one of the sharutils programs.
There is no known workaround at this time.
All sharutils users should upgrade to the latest version:
# emerge sync # emerge -pv ">=app-arch/sharutils-4.2.1-r10" # emerge ">=app-arch/sharutils-4.2.1-r10"
October 01, 2004
May 22, 2006: 02