GLSA-201312-09 : cabextract: Multiple vulnerabilities
Medium Nessus Plugin ID 71453
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201312-09 (cabextract: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in cabextract. Please review the CVE identifiers referenced below for details.
A remote attacker could entice a user to open a specially crafted archive in a .cab file, related to the libmspack library, potentially resulting in arbitrary code execution or a Denial of Service condition.
There is no known workaround at this time.
SolutionAll cabextract users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-arch/cabextract-1.3' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 03, 2010. It is likely that your system is already no longer affected by this issue.