MDVSA-2010:122 -- Mandriva fastjarID: oval:org.secpod.oval:def:300165 | Date: (C)2012-01-07 (M)2021-11-24 |
Class: PATCH | Family: unix |
A vulnerability has been discovered and corrected in fastjar: Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619 . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.0 |