Advisories ยป MGASA-2015-0052

Updated cabextract packages fix CVE-2014-9556

Publication date: 05 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9556

Description

Updated cabextract packages fix security vulnerability:

Libmspack, a library to provide compression and decompression of some file
formats used by Microsoft, is embedded in cabextract. A specially crafted cab
file can cause cabextract to hang forever. If cabextract is exposed to any
remotely-controlled user input, this issue can cause a denial-of-service
(CVE-2014-9556).
                

References

SRPMS

4/core