MDVSA-2010:154 -- Mandriva cabextractID: oval:org.secpod.oval:def:300053 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in cabextract: The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service via a malformed MSZIP archive in a .cab file during a test or extract action, related to the libmspack library . Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.0 |