[ MDVSA-2015:041 ] cabextract

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:041
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : cabextract
 Date    : February 10, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated cabextract packages fix security vulnerability:
 
 Libmspack, a library to provide compression and decompression of
 some file formats used by Microsoft, is embedded in cabextract. A
 specially crafted cab file can cause cabextract to hang forever. If
 cabextract is exposed to any remotely-controlled user input, this
 issue can cause a denial-of-service (CVE-2014-9556).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556

007 Software

[ MDVSA-2015:041 ] cabextract

Leave a Reply Cancel reply

Software and Security Information