Mandriva Update For Unzip MDVSA-2008:068 (unzip) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip. The updated packages have been patched to correct this issue.

Affected

unzip on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2008-0888
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:009 (kvm)
Mandrake Security Advisory MDVSA-2009:168 (apache)
Mandrake Security Advisory MDVSA-2009:076 (avahi)
Mandrake Security Advisory MDVSA-2009:134 (firefox)
Mandrake Security Advisory MDVSA-2009:014 (mplayer)

Mandriva Update for unzip MDVSA-2008:068 (unzip)

Take action and discover your vulnerabilities