Advisories » MGASA-2018-0111

Updated gcab packages fix security vulnerability

Publication date: 06 Feb 2018
Modification date: 06 Feb 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-5345

Description

It was discovered that gcab is prone to a stack-based buffer overflow
vulnerability when extracting .cab files. An attacker can take advantage
of this flaw to cause a denial-of-service or, potentially the execution
of arbitrary code with the privileges of the user running gcab, if a
specially crafted .cab file is processed (CVE-2018-5345).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22459
• https://www.debian.org/security/2018/dsa-4095
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5345

SRPMS

5/core

• gcab-0.4-6.1.mga5

6/core

• gcab-0.7-1.1.mga6