Описание
Security update for libmspack
This update for libmspack fixes the following issues:
Security issues fixed:
- CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680).
- CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038)
- CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039)
- Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
Список пакетов
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
Ссылки
- Link for SUSE-SU-2020:2711-1
- E-Mail link for SUSE-SU-2020:2711-1
- SUSE Security Ratings
- SUSE Bug 1113038
- SUSE Bug 1113039
- SUSE Bug 1130489
- SUSE Bug 1141680
- SUSE CVE CVE-2018-18584 page
- SUSE CVE CVE-2018-18585 page
- SUSE CVE CVE-2019-1010305 page
Описание
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Затронутые продукты
Ссылки
- CVE-2018-18584
- SUSE Bug 1113038
- SUSE Bug 1113039
Описание
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
Затронутые продукты
Ссылки
- CVE-2018-18585
- SUSE Bug 1113038
- SUSE Bug 1113039
Описание
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
Затронутые продукты
Ссылки
- CVE-2019-1010305
- SUSE Bug 1141680