Updated libmspack/cabextract packages fix security vulnerabilities
Publication date: 17 Nov 2018
Modification date: 17 Nov 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585, CVE-2018-18586
Description
Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service (CVE-2018-14679, CVE-2018-14680).

Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code (CVE-2018-14681).

Dmitry Glavatskikh discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to execute arbitrary code (CVE-2018-14682).

If a CAB file has a Quantum-compressed datablock with exactly 38912 compressed bytes, cabextract would write exactly one byte beyond its input buffer (CVE-2018-18584).

libmspack didn't reject CHM filenames that are blank because they have embedded null bytes, not just because they are zero-length (CVE-2018-18585).

chmextract didn't protect against absolute/relative pathnames in CHM files (CVE-2018-18586).
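The two filename issues above (CVE-2018-18585 and CVE-2018-18586) both come from trusting a member name read out of the archive. The C check below is an added illustration of validating such a name before extraction; it is not code from libmspack, cabextract or this advisory, and the function name `sanitize_member_name` and its rejection policy are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not libmspack's API). name/len model a length-prefixed
 * archive member name. On success returns 0 and writes a NUL-terminated
 * relative path to out; returns -1 if the name must be rejected. */
int sanitize_member_name(const char *name, size_t len, char *out, size_t outsz)
{
    size_t i = 0, o = 0;

    /* Blank names: zero-length, or a NUL inside the declared length, which
     * makes the name read as an empty or truncated C string. */
    if (len == 0 || memchr(name, '\0', len) != NULL)
        return -1;

    while (i < len) {
        /* Skip separators so a leading "/" or "\" cannot make the
         * output path absolute. */
        while (i < len && (name[i] == '/' || name[i] == '\\'))
            i++;
        size_t start = i;
        while (i < len && name[i] != '/' && name[i] != '\\')
            i++;
        size_t clen = i - start;
        if (clen == 0)
            break;                      /* only trailing separators left */
        if (clen == 1 && name[start] == '.')
            continue;                   /* "." adds nothing */
        if (clen == 2 && name[start] == '.' && name[start + 1] == '.')
            return -1;                  /* ".." could climb out of the target */
        if (o + clen + 2 > outsz)
            return -1;                  /* no room for '/', component and NUL */
        if (o > 0)
            out[o++] = '/';
        memcpy(out + o, name + start, clen);
        o += clen;
    }
    if (o == 0)
        return -1;                      /* nothing usable, e.g. "/" or "./" */
    out[o] = '\0';
    return 0;
}
```

The caller would join the returned relative path to its chosen output directory and refuse to extract any member for which the function returns -1.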
References
- https://bugs.mageia.org/show_bug.cgi?id=23365
- https://usn.ubuntu.com/3728-1/
- https://www.openwall.com/lists/oss-security/2018/10/22/1
- https://www.openwall.com/lists/oss-security/2018/10/23/11
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18585
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18586
SRPMS
6/core
- libmspack-0.9.1-0.alpha.1.mga6
- cabextract-1.9-1.mga6