User: Password:
Subscribe / Log in / New account

Pardus alert 2010-109 (cabextract)

From:  Eren Turkay <>
Subject:  [Pardus-security] [PLSA 2010-109] Cabextract: Multiple Vulnerabilities
Date:  Thu, 12 Aug 2010 23:05:43 +0300 (EEST)
Message-ID:  <>
Archive-link:  Article, Thread

------------------------------------------------------------------------ Pardus Linux Security Advisory 2010-109 ------------------------------------------------------------------------ Date: 2010-08-11 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities have been fixed in cabextract. Description =========== CVE-2010-2800: The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library. CVE-2010-2801: Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library. Affected packages: Pardus 2009: cabextract, all before 1.3-4-3 Resolution ========== There are update(s) for cabextract. You can update them via Package Manager or with a single command from console: pisi up cabextract References ========== * * * ------------------------------------------------------------------------ _______________________________________________ Pardus-security mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds