Описание
Security update for libmspack
This update for libmspack fixes the following issues:
- CVE-2018-18586: Add leading slash protection to chmextract. (bsc#1113040)
Список пакетов
SUSE Linux Enterprise Server 12 SP5
libmspack0-0.4-15.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libmspack0-0.4-15.13.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libmspack-devel-0.4-15.13.1
Ссылки
- Link for SUSE-SU-2022:4287-1
- E-Mail link for SUSE-SU-2022:4287-1
- SUSE Security Ratings
- SUSE Bug 1113040
- SUSE CVE CVE-2018-18586 page
Описание
** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libmspack0-0.4-15.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libmspack0-0.4-15.13.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libmspack-devel-0.4-15.13.1
Ссылки
- CVE-2018-18586
- SUSE Bug 1113038
- SUSE Bug 1113039
- SUSE Bug 1113040