Mandriva Update For Pan MDVSA-2008:201 (pan) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Pavel Polischouk found a boundary error in the PartsBatch class in the Pan newsreader when processing .nzb files, which could allow remote attackers to cause a denial of serice (application crash) or possibly execute arbitrary code via a crafted .nzb file (CVE-2008-2363). The updated packages have been patched to prevent this issue.

Affected

pan on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-2363

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:150 (libtiff)
Mandrake Security Advisory MDVSA-2009:131-1 (apr-util)
Mandrake Security Advisory MDVSA-2009:098 (krb5)
Mandrake Security Advisory MDVSA-2009:103 (udev)
Mandrake Security Advisory MDVSA-2009:191 (OpenEXR)

Mandriva Update for pan MDVSA-2008:201 (pan)

Take action and discover your vulnerabilities