Advisories » MGASA-2015-0052

Updated cabextract packages fix CVE-2014-9556

Publication date: 05 Feb 2015
Modification date: 05 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9556

Description

Updated cabextract packages fix security vulnerability:

Libmspack, a library to provide compression and decompression of some file
formats used by Microsoft, is embedded in cabextract. A specially crafted cab
file can cause cabextract to hang forever. If cabextract is exposed to any
remotely-controlled user input, this issue can cause a denial-of-service
(CVE-2014-9556).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15193
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00004.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556

SRPMS

4/core

• cabextract-1.5-1.mga4