Описание
Security update for libmspack
This update for libmspack fixes the following issues:
- CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection (bsc#1113040).
Список пакетов
Container rancher/elemental-teal-iso/5.4:latest
libmspack0-0.6-3.14.1
Container rancher/elemental-teal-rt/5.3:latest
libmspack0-0.6-3.14.1
Container rancher/elemental-teal-rt/5.4:latest
libmspack0-0.6-3.14.1
Container rancher/elemental-teal/5.3:latest
libmspack0-0.6-3.14.1
Container rancher/elemental-teal/5.4:latest
libmspack0-0.6-3.14.1
Container suse/sle-micro-rancher/5.2:latest
libmspack0-0.6-3.14.1
Container suse/sle-micro-rancher/5.3:latest
libmspack0-0.6-3.14.1
Container suse/sle-micro-rancher/5.4:latest
libmspack0-0.6-3.14.1
Container suse/sle-micro/5.5:latest
libmspack0-0.6-3.14.1
Image SLES15-SAP-Azure-LI-BYOS-Production
libmspack0-0.6-3.14.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
libmspack0-0.6-3.14.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libmspack0-0.6-3.14.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libmspack0-0.6-3.14.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libmspack0-0.6-3.14.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libmspack0-0.6-3.14.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
libmspack0-0.6-3.14.1
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
libmspack0-0.6-3.14.1
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
libmspack0-0.6-3.14.1
SUSE Linux Enterprise Micro 5.0
libmspack0-0.6-3.14.1
SUSE Linux Enterprise Micro 5.1
libmspack0-0.6-3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
libmspack-devel-0.6-3.14.1
libmspack0-0.6-3.14.1
Ссылки
- Link for SUSE-SU-2022:0069-1
- E-Mail link for SUSE-SU-2022:0069-1
- SUSE Security Ratings
- SUSE Bug 1113040
- SUSE CVE CVE-2018-18586 page
Описание
** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.
Затронутые продукты
Container rancher/elemental-teal-iso/5.4:latest:libmspack0-0.6-3.14.1
Container rancher/elemental-teal-rt/5.3:latest:libmspack0-0.6-3.14.1
Container rancher/elemental-teal-rt/5.4:latest:libmspack0-0.6-3.14.1
Container rancher/elemental-teal/5.3:latest:libmspack0-0.6-3.14.1
Ссылки
- CVE-2018-18586
- SUSE Bug 1113038
- SUSE Bug 1113039
- SUSE Bug 1113040