Mandriva Linux Security Advisory : cabextract (MDVSA-2015:064)
Medium Nessus Plugin ID 82317
Synopsis
The remote Mandriva Linux host is missing a security update.
Description
Updated cabextract packages fix security vulnerabilities:
Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any remotely-controlled user input, this issue can cause a denial-of-service (CVE-2014-9556).
A directory traversal issue in cabextract allows writing to locations outside of the current working directory, when extracting a crafted cab file that encodes the filenames in a certain manner (CVE-2015-2060).
Solution
Update the affected cabextract package.