Описание
Security update for libmspack
This update for libmspack fixes the following issues:
Security issues fixed:
- CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038)
- CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039)
- Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
Список пакетов
Container rancher/elemental-teal-iso/5.4:latest
libmspack0-0.6-3.3.11
Container rancher/elemental-teal-rt/5.3:latest
libmspack0-0.6-3.3.11
Container rancher/elemental-teal-rt/5.4:latest
libmspack0-0.6-3.3.11
Container rancher/elemental-teal/5.3:latest
libmspack0-0.6-3.3.11
Container rancher/elemental-teal/5.4:latest
libmspack0-0.6-3.3.11
Container suse/sle-micro-rancher/5.2:latest
libmspack0-0.6-3.3.11
Container suse/sle-micro-rancher/5.3:latest
libmspack0-0.6-3.3.11
Container suse/sle-micro-rancher/5.4:latest
libmspack0-0.6-3.3.11
Container suse/sle-micro/5.5:latest
libmspack0-0.6-3.3.11
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
libmspack0-0.6-3.3.11
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
libmspack0-0.6-3.3.11
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
libmspack0-0.6-3.3.11
SUSE Linux Enterprise Module for Basesystem 15
libmspack-devel-0.6-3.3.11
libmspack0-0.6-3.3.11
Ссылки
- Link for SUSE-SU-2019:0748-1
- E-Mail link for SUSE-SU-2019:0748-1
- SUSE Security Ratings
- SUSE Bug 1113038
- SUSE Bug 1113039
- SUSE CVE CVE-2018-18584 page
- SUSE CVE CVE-2018-18585 page
Описание
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Затронутые продукты
Container rancher/elemental-teal-iso/5.4:latest:libmspack0-0.6-3.3.11
Container rancher/elemental-teal-rt/5.3:latest:libmspack0-0.6-3.3.11
Container rancher/elemental-teal-rt/5.4:latest:libmspack0-0.6-3.3.11
Container rancher/elemental-teal/5.3:latest:libmspack0-0.6-3.3.11
Ссылки
- CVE-2018-18584
- SUSE Bug 1113038
- SUSE Bug 1113039
Описание
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
Затронутые продукты
Container rancher/elemental-teal-iso/5.4:latest:libmspack0-0.6-3.3.11
Container rancher/elemental-teal-rt/5.3:latest:libmspack0-0.6-3.3.11
Container rancher/elemental-teal-rt/5.4:latest:libmspack0-0.6-3.3.11
Container rancher/elemental-teal/5.3:latest:libmspack0-0.6-3.3.11
Ссылки
- CVE-2018-18585
- SUSE Bug 1113038
- SUSE Bug 1113039