Test ID:	1.3.6.1.4.1.25623.1.1.10.2018.0362
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2018-0362)
Summary:	The remote host is missing an update for the 'quazip' package(s) announced via the MGASA-2018-0362 advisory.
Description:	Summary: The remote host is missing an update for the 'quazip' package(s) announced via the MGASA-2018-0362 advisory. Vulnerability Insight: Updated quazip packages fix security vulnerability: A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar,xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Of course if an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. This affects multiple libraries that lacks of a high level APIs that provide the archive extraction functionality (CVE-2018-1002209). Affected Software/OS: 'quazip' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1002209 https://github.com/snyk/zip-slip-vulnerability https://snyk.io/research/zip-slip-vulnerability
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.