Description
Security update for libmspack
This update for libmspack fixes the following issues:
Security issues fixed:
- CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038)
- CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039)
Package list
SUSE Linux Enterprise Server 11 SP4
libmspack0-0.0.20060920alpha-74.11.6.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libmspack0-0.0.20060920alpha-74.11.6.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libmspack-devel-0.0.20060920alpha-74.11.6.1
References
- Link for SUSE-SU-2019:13992-1
- E-Mail link for SUSE-SU-2019:13992-1
- SUSE Security Ratings
- SUSE Bug 1113038
- SUSE Bug 1113039
- SUSE CVE CVE-2018-18584 page
- SUSE CVE CVE-2018-18585 page
Description
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Affected products
SUSE Linux Enterprise Server 11 SP4:libmspack0-0.0.20060920alpha-74.11.6.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmspack0-0.0.20060920alpha-74.11.6.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libmspack-devel-0.0.20060920alpha-74.11.6.1
References
- CVE-2018-18584
- SUSE Bug 1113038
- SUSE Bug 1113039
Description
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
Affected products
SUSE Linux Enterprise Server 11 SP4:libmspack0-0.0.20060920alpha-74.11.6.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmspack0-0.0.20060920alpha-74.11.6.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libmspack-devel-0.0.20060920alpha-74.11.6.1
References
- CVE-2018-18585
- SUSE Bug 1113038
- SUSE Bug 1113039