Advisories » MGASA-2017-0283

Updated libmspack packages fix security vulnerabilities

Publication date: 19 Aug 2017
Modification date: 19 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-6419 , CVE-2017-11423

Description

It was discovered that libmspack incorrectly handled certain malformed CHM
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service, or possibly execute arbitrary code
(CVE-2017-6419).

It was discovered that libmspack incorrectly handled certain malformed CAB
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service (CVE-2017-11423).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21556
• https://usn.ubuntu.com/usn/usn-3394-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11423

SRPMS

6/core

• libmspack-0.5-0.2.alpha.1.mga6

5/core

• libmspack-0.5-0.1.alpha.1.mga5