Mandriva Update For Pan MDVSA-2008:201 (pan) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Pavel Polischouk found a boundary error in the PartsBatch class in the Pan newsreader when processing .nzb files, which could allow remote attackers to cause a denial of serice (application crash) or possibly execute arbitrary code via a crafted .nzb file (CVE-2008-2363). The updated packages have been patched to prevent this issue.

Affected

pan on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-2363
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:101 (xpdf)
Mandrake Security Advisory MDVSA-2009:116 (gnutls)
Mandrake Security Advisory MDVSA-2009:078 (evolution-data-server)
Mandrake Security Advisory MDVSA-2009:073 (sarg)
Mandrake Security Advisory MDVSA-2009:165 (ghostscript)

Mandriva Update for pan MDVSA-2008:201 (pan)

Take action and discover your vulnerabilities