paul

Advisories MDVSA-2010:154: cabextract

Multiple vulnerabilities have been found and corrected in cabextract:

The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a test or extract action, related to the libmspack library (CVE-2010-2800).

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library (CVE-2010-2801).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages provide cabextract 1.3 which is not vulnerable to these issues.
