Advisories » MGASA-2015-0086

Updated cabextract packages fix CVE-2015-2060

Publication date: 26 Feb 2015
Modification date: 26 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2060

Description

A directory traversal issue in cabextract allows writing to locations outside
of the current working directory, when extracting a crafted cab file that
encodes the filenames in a certain manner (CVE-2015-2060).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15318
• http://openwall.com/lists/oss-security/2015/02/18/3
• http://openwall.com/lists/oss-security/2015/02/23/24
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2060

SRPMS

4/core

• cabextract-1.5-1.1.mga4