Advisories ยป MGASA-2017-0283

Updated libmspack packages fix security vulnerabilities

Publication date: 19 Aug 2017
Modification date: 19 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-6419 , CVE-2017-11423

Description

It was discovered that libmspack incorrectly handled certain malformed CHM
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service, or possibly execute arbitrary code
(CVE-2017-6419).

It was discovered that libmspack incorrectly handled certain malformed CAB
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service (CVE-2017-11423).
                

References

SRPMS

6/core

5/core