Advisories » MGASA-2018-0455

Updated libmspack/cabextract packages fix security vulnerabilities

Publication date: 17 Nov 2018
Modification date: 17 Nov 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585, CVE-2018-18586

Description

Hanno Böck discovered that libmspack incorrectly handled certain CHM
files. An attacker could possibly use this issue to cause a denial of
service (CVE-2018-14679, CVE-2018-14680).

Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ
files. An attacker could possibly use this issue to execute arbitrary
code (CVE-2018-14681).

Dmitry Glavatskikh discovered that libmspack incorrectly handled certain CHM
files. An attacker could possibly use this issue to execute arbitrary
code (CVE-2018-14682).

If a CAB file has a Quantum-compressed datablock with exactly 38912
compressed bytes, cabextract would write exactly one byte beyond its
input buffer (CVE-2018-18584).

libmspack didn't reject CHM filenames that are blank because they have
embedded null bytes, rather than because they are zero-length
(CVE-2018-18585).

chmextract didn't protect from absolute/relative pathnames in CHM files
(CVE-2018-18586).
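
As an added illustration (not code from libmspack, cabextract or this advisory), the sketch below shows the kind of member-name check that the last two issues call for before an extractor creates a file. The function name, the choice to reject any embedded null byte, and the treatment of both '/' and '\' as separators are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Hypothetical helper, not libmspack/chmextract code.
 * name/len: member name and the length recorded for it in the archive.
 * Writes a relative path to out; returns 0 if usable, -1 if rejected. */
int sanitize_member_name(const char *name, size_t len,
                         char *out, size_t outsz)
{
    size_t i = 0, o = 0;

    /* Blank name: zero-length, or a NUL inside the recorded length. */
    if (len == 0 || memchr(name, '\0', len) != NULL)
        return -1;

    /* Absolute path: drop leading separators so the result stays relative. */
    while (i < len && is_sep(name[i]))
        i++;

    while (i < len) {
        size_t start = i, n;
        while (i < len && !is_sep(name[i]))
            i++;
        n = i - start;
        /* Relative escape: refuse any ".." component outright. */
        if (n == 2 && name[start] == '.' && name[start + 1] == '.')
            return -1;
        if (n > 0 && !(n == 1 && name[start] == '.')) { /* skip "" and "." */
            if (o + n + 2 > outsz)      /* room for '/', component, NUL */
                return -1;
            if (o > 0)
                out[o++] = '/';
            memcpy(out + o, name + start, n);
            o += n;
        }
        while (i < len && is_sep(name[i]))
            i++;
    }
    if (o == 0)
        return -1;                      /* nothing left, e.g. "/" or "./" */
    out[o] = '\0';
    return 0;
}
```

The caller joins the returned relative path to its output directory; a rejected name means the member is skipped rather than written.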
                

References

SRPMS

6/core