Описание
Security update for libmspack
This update for libmspack fixes the following issues:
- CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032)
- CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032)
- CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032)
Список пакетов
Container rancher/elemental-teal-iso/5.4:latest
libmspack0-0.6-3.11.1
Container rancher/elemental-teal-rt/5.3:latest
libmspack0-0.6-3.11.1
Container rancher/elemental-teal-rt/5.4:latest
libmspack0-0.6-3.11.1
Container rancher/elemental-teal/5.3:latest
libmspack0-0.6-3.11.1
Container rancher/elemental-teal/5.4:latest
libmspack0-0.6-3.11.1
Container suse/sle-micro-rancher/5.2:latest
libmspack0-0.6-3.11.1
Container suse/sle-micro-rancher/5.3:latest
libmspack0-0.6-3.11.1
Container suse/sle-micro-rancher/5.4:latest
libmspack0-0.6-3.11.1
Container suse/sle-micro/5.5:latest
libmspack0-0.6-3.11.1
Image SLES15-SAP-Azure-LI-BYOS-Production
libmspack0-0.6-3.11.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
libmspack0-0.6-3.11.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libmspack0-0.6-3.11.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libmspack0-0.6-3.11.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libmspack0-0.6-3.11.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libmspack0-0.6-3.11.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
libmspack0-0.6-3.11.1
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
libmspack0-0.6-3.11.1
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
libmspack0-0.6-3.11.1
SUSE Linux Enterprise Micro 5.0
libmspack0-0.6-3.11.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
libmspack-devel-0.6-3.11.1
libmspack0-0.6-3.11.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
libmspack-devel-0.6-3.11.1
libmspack0-0.6-3.11.1
Ссылки
- Link for SUSE-SU-2021:2802-1
- E-Mail link for SUSE-SU-2021:2802-1
- SUSE Security Ratings
- SUSE Bug 1103032
- SUSE CVE CVE-2018-14679 page
- SUSE CVE CVE-2018-14681 page
- SUSE CVE CVE-2018-14682 page
Описание
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Затронутые продукты
Container rancher/elemental-teal-iso/5.4:latest:libmspack0-0.6-3.11.1
Container rancher/elemental-teal-rt/5.3:latest:libmspack0-0.6-3.11.1
Container rancher/elemental-teal-rt/5.4:latest:libmspack0-0.6-3.11.1
Container rancher/elemental-teal/5.3:latest:libmspack0-0.6-3.11.1
Ссылки
- CVE-2018-14679
- SUSE Bug 1102922
- SUSE Bug 1103032
- SUSE Bug 1103040
Описание
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
Затронутые продукты
Container rancher/elemental-teal-iso/5.4:latest:libmspack0-0.6-3.11.1
Container rancher/elemental-teal-rt/5.3:latest:libmspack0-0.6-3.11.1
Container rancher/elemental-teal-rt/5.4:latest:libmspack0-0.6-3.11.1
Container rancher/elemental-teal/5.3:latest:libmspack0-0.6-3.11.1
Ссылки
- CVE-2018-14681
- SUSE Bug 1102922
- SUSE Bug 1103032
- SUSE Bug 1103040
Описание
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
Затронутые продукты
Container rancher/elemental-teal-iso/5.4:latest:libmspack0-0.6-3.11.1
Container rancher/elemental-teal-rt/5.3:latest:libmspack0-0.6-3.11.1
Container rancher/elemental-teal-rt/5.4:latest:libmspack0-0.6-3.11.1
Container rancher/elemental-teal/5.3:latest:libmspack0-0.6-3.11.1
Ссылки
- CVE-2018-14682
- SUSE Bug 1102922
- SUSE Bug 1103032
- SUSE Bug 1103040