Red Hat recommends those who use the lha archiving and compression tool update their packages to fix vulnerabilities attackers could exploit to trigger a buffer overflow or execute arbitrary code.
The advisory said researcher Lukasz Wojtow discovered a stack-based buffer overflow in all versions of lha -- an archiving and compression utility for "lharc" format archives -- up to and including version 1.14.
"A carefully created archive could allow an attacker to execute arbitrary code when a victim extracts or tests the archive," Red Hat said. "If a malicious user could trick a victim into passing a specially crafted command line to the lha command, it is possible that arbitrary code could be executed. An updated lha package that fixes a buffer overflow is now available."
The advisory said researcher Thomas Biege discovered another problem: a shell meta character command execution vulnerability in all versions of lha up to and including 1.14.
"An attacker could create a directory with shell meta characters in its name which could lead to arbitrary command execution," Red Hat said.
The advisory recommended users of lha switch to the updated package, which contains "backported" patches that are not vulnerable to these issues. The problems affect the following products:
- Red Hat Desktop (v. 3)
- Red Hat Enterprise Linux AS (v. 3)
- Red Hat Enterprise Linux ES (v. 3)
- Red Hat Enterprise Linux WS (v. 3)