Advisories MDVSA-2010:154: cabextract


paul
Multiple vulnerabilities have been found and corrected in cabextract:

The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a test or extract action, related to the libmspack library (CVE-2010-2800).

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library (CVE-2010-2801).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages provide cabextract 1.3, which is not vulnerable to these issues.
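A quick way to check a host against this advisory, as an added example that is not part of the original post: the script classifies a cabextract version banner as affected (older than 1.3) or fixed. It assumes `cabextract --version` prints a banner of the form `cabextract version X.Y`; the function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag cabextract builds older than the fixed release.

FIXED_VERSION="1.3"   # first version the advisory lists as not vulnerable

# version_lt A B: succeed when dotted version A is older than B.
# Components are compared numerically, so 1.10 is newer than 1.3.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ -n "$x" ] || x=0            # missing component counts as 0
        [ -n "$y" ] || y=0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        # Drop the component just compared.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                          # versions are equal
}

# extract_version TEXT: print the first dotted number found in TEXT.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/[^0-9]*\([0-9][0-9.]*\).*/\1/p' |
        sed 's/\.*$//;q'
}

# classify BANNER: print "affected", "fixed" or "unknown".
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then echo affected
    else echo fixed
    fi
}

# Constructed sample banners; on a real host use: classify "$(cabextract --version)"
for banner in "cabextract version 1.2" "cabextract version 1.3" \
              "cabextract version 1.10"; do
    printf '%-26s %s\n' "$banner" "$(classify "$banner")"
done
```

An `unknown` result means no version number could be parsed from the banner, so the host should be checked by hand rather than treated as fixed.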
