Pardus: 2010-109: Cabextract: Multiple
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been fixed in cabextract.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-109           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-08-11
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
======
Multiple vulnerabilities have been fixed in cabextract.


Description
==========
CVE-2010-2800:

The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers
to cause a denial of service (infinite  loop)  via  a  malformed  MSZIP
archive in a .cab file during a (1) test or (2) extract action, related
to the libmspack library.



CVE-2010-2801:

Integer signedness error in  the  Quantum  decompressor  in  cabextract
before 1.3, when archive test mode is used, allows user-assisted remote
attackers to cause a denial of service (application crash) or  possibly
execute arbitrary code via a crafted Quantum archive in  a  .cab  file,
related to the libmspack library.


Affected packages:

  Pardus 2009:
    cabextract, all before 1.3-4-3


Resolution
=========
There are update(s) for cabextract. You can  update  them  via  Package
Manager or with a single command from console:

    pisi up cabextract

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id910
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2800
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2801

------------------------------------------------------------------------