MDVSA-2010:154
- Package name
- cabextract
- Date
- 2010-08-16
- Advisory ID
- MDVSA-2010:154
- Affected versions
- 2009.0 x86_64, MES5 i586, 2010.1 i586, 2010.0 x86_64, 2010.0 i586, 2009.1 i586, 2009.0 i586, CS4.0 i586, 2008.0 x86_64, CS4.0 x86_64, 2008.0 i586, 2009.1 x86_64, MES5 x86_64, 2010.1 x86_64
Problem description
Multiple vulnerabilities have been found and corrected in cabextract:
The MS-ZIP decompressor in cabextract before 1.3 allows remote
attackers to cause a denial of service (infinite loop) via a malformed
MSZIP archive in a .cab file during a test or extract action, related
to the libmspack library (CVE-2010-2800).
Integer signedness error in the Quantum decompressor in cabextract
before 1.3, when archive test mode is used, allows user-assisted
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a crafted Quantum archive in
a .cab file, related to the libmspack library (CVE-2010-2801).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages provide cabextract 1.3, which is not vulnerable
to these issues.
Updated packages
2009.0 x86_64
d4fcbcd75ad356e57a499a46a45078d2 2009.0/x86_64/cabextract-1.3-0.1mdv2009.0.x86_64.rpm 29f5eccdfafc9dbbdc0dcab535b0931f 2009.0/SRPMS/cabextract-1.3-0.1mdv2009.0.src.rpm
MES5 i586
7765a24842b38edb510548b0a1011acf mes5/i586/cabextract-1.3-0.1mdvmes5.1.i586.rpm eed072c21f91ad782545f11fe901affd mes5/SRPMS/cabextract-1.3-0.1mdvmes5.1.src.rpm
2010.1 i586
0746bb050b807defdcfaad0fae5833ed 2010.1/i586/cabextract-1.3-0.1mdv2010.1.i586.rpm 585184499c728982c8079d518f0bcb89 2010.1/SRPMS/cabextract-1.3-0.1mdv2010.1.src.rpm
2010.0 x86_64
f33745fe7621d534b80a562ba103f6d2 2010.0/x86_64/cabextract-1.3-0.1mdv2010.0.x86_64.rpm eaf849e2ed85315a9d29b53375bb03e4 2010.0/SRPMS/cabextract-1.3-0.1mdv2010.0.src.rpm
2010.0 i586
95ded9a24a1970bb2725cc07c0934ecf 2010.0/i586/cabextract-1.3-0.1mdv2010.0.i586.rpm eaf849e2ed85315a9d29b53375bb03e4 2010.0/SRPMS/cabextract-1.3-0.1mdv2010.0.src.rpm
2009.1 i586
0d36cf43befc69e5b0814d354f7d57b4 2009.1/i586/cabextract-1.3-0.1mdv2009.1.i586.rpm d424f8d01aa76eed08e148119e191cb8 2009.1/SRPMS/cabextract-1.3-0.1mdv2009.1.src.rpm
2009.0 i586
a73149d41c3d97452a17a7777c4b9776 2009.0/i586/cabextract-1.3-0.1mdv2009.0.i586.rpm 29f5eccdfafc9dbbdc0dcab535b0931f 2009.0/SRPMS/cabextract-1.3-0.1mdv2009.0.src.rpm
CS4.0 i586
a0d9ff34690f1b1e29d018ce65b1e4a4 corporate/4.0/i586/cabextract-1.3-0.1.20060mlcs4.i586.rpm 26b233403d57c89c4908873c1ca0a02a corporate/4.0/SRPMS/cabextract-1.3-0.1.20060mlcs4.src.rpm
2008.0 x86_64
39aa73d801d3741d73fe1c52a783c59a 2008.0/x86_64/cabextract-1.3-0.1mdv2008.0.x86_64.rpm 2d2ce7b41e7132924160bcd4efe976bf 2008.0/SRPMS/cabextract-1.3-0.1mdv2008.0.src.rpm
CS4.0 x86_64
f7d1e38c772dde29a902b673ae3b13b0 corporate/4.0/x86_64/cabextract-1.3-0.1.20060mlcs4.x86_64.rpm 26b233403d57c89c4908873c1ca0a02a corporate/4.0/SRPMS/cabextract-1.3-0.1.20060mlcs4.src.rpm
2008.0 i586
06bc69c8c987f02d6eab9748b6b7bec6 2008.0/i586/cabextract-1.3-0.1mdv2008.0.i586.rpm 2d2ce7b41e7132924160bcd4efe976bf 2008.0/SRPMS/cabextract-1.3-0.1mdv2008.0.src.rpm
2009.1 x86_64
78d02c4e90a7c177f3807012c84c2144 2009.1/x86_64/cabextract-1.3-0.1mdv2009.1.x86_64.rpm d424f8d01aa76eed08e148119e191cb8 2009.1/SRPMS/cabextract-1.3-0.1mdv2009.1.src.rpm
MES5 x86_64
9c1bcac99cd1575a496f9899ac881c57 mes5/x86_64/cabextract-1.3-0.1mdvmes5.1.x86_64.rpm eed072c21f91ad782545f11fe901affd mes5/SRPMS/cabextract-1.3-0.1mdvmes5.1.src.rpm
2010.1 x86_64
4f4b1099fe583edd9debeef0172532ec 2010.1/x86_64/cabextract-1.3-0.1mdv2010.1.x86_64.rpm 585184499c728982c8079d518f0bcb89 2010.1/SRPMS/cabextract-1.3-0.1mdv2010.1.src.rpm
