Mandriva Linux Security Advisory 2010-122 – Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a dot dot in a non-initial pathname component in a filename within a.jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. Packages for 2008.0 and 2009.0 are provided as of the Extended http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/90861/MDVSA-2010-122.txt
Source: https://packetstormsecurity.com/files/90861/Mandriva-Linux-Security-Advisory-2010-122.html