Updated libmspack packages fix security vulnerabilities
Publication date: 19 Aug 2017Modification date: 19 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-6419 , CVE-2017-11423
Description
It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2017-6419). It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service (CVE-2017-11423).
References
SRPMS
6/core
- libmspack-0.5-0.2.alpha.1.mga6
5/core
- libmspack-0.5-0.1.alpha.1.mga5