Описание
Security update for libmspack
libmspack was updated to fix several security vulnerabilities.
- Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732)
- Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467)
- Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472)
- Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469)
- Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470)
- Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471)
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2015:2215-1
- E-Mail link for SUSE-SU-2015:2215-1
- SUSE Security Ratings
- SUSE Bug 934524
- SUSE Bug 934525
- SUSE Bug 934526
- SUSE Bug 934527
- SUSE Bug 934528
- SUSE Bug 934529
- SUSE CVE CVE-2014-9732 page
- SUSE CVE CVE-2015-4467 page
- SUSE CVE CVE-2015-4469 page
- SUSE CVE CVE-2015-4470 page
- SUSE CVE CVE-2015-4471 page
- SUSE CVE CVE-2015-4472 page
Описание
The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.
Затронутые продукты
Ссылки
- CVE-2014-9732
- SUSE Bug 934524
- SUSE Bug 934533
Описание
The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.
Затронутые продукты
Ссылки
- CVE-2015-4467
- SUSE Bug 934524
- SUSE Bug 934525
- SUSE Bug 934529
- SUSE Bug 934533
Описание
The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
Затронутые продукты
Ссылки
- CVE-2015-4469
- SUSE Bug 934524
- SUSE Bug 934526
- SUSE Bug 934529
- SUSE Bug 934533
Описание
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.
Затронутые продукты
Ссылки
- CVE-2015-4470
- SUSE Bug 934527
- SUSE Bug 934533
Описание
Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.
Затронутые продукты
Ссылки
- CVE-2015-4471
- SUSE Bug 934528
- SUSE Bug 934533
Описание
Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.
Затронутые продукты
Ссылки
- CVE-2015-4472
- SUSE Bug 934525
- SUSE Bug 934529
- SUSE Bug 934533