openSUSE-SU-2021:1200-1

Опубликовано: 25 авг. 2021

Источник: suse-cvrf

Описание

Security update for libmspack

This update for libmspack fixes the following issues:

CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032)
CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032)
CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.2

libmspack-devel-0.6-lp152.6.3.1

libmspack0-0.6-lp152.6.3.1

libmspack0-32bit-0.6-lp152.6.3.1

mspack-tools-0.6-lp152.6.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CB3MRNYWFKRQUSWOFW43J2YAPXGFTDWP/
E-Mail link for openSUSE-SU-2021:1200-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1103032
SUSE Bug 1103032
https://www.suse.com/security/cve/CVE-2018-14679/
SUSE CVE CVE-2018-14679 page
https://www.suse.com/security/cve/CVE-2018-14681/
SUSE CVE CVE-2018-14681 page
https://www.suse.com/security/cve/CVE-2018-14682/
SUSE CVE CVE-2018-14682 page

Описание

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

Затронутые продукты

openSUSE Leap 15.2:libmspack-devel-0.6-lp152.6.3.1

openSUSE Leap 15.2:libmspack0-0.6-lp152.6.3.1

openSUSE Leap 15.2:libmspack0-32bit-0.6-lp152.6.3.1

openSUSE Leap 15.2:mspack-tools-0.6-lp152.6.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14679.html
CVE-2018-14679
https://bugzilla.suse.com/1102922
SUSE Bug 1102922
https://bugzilla.suse.com/1103032
SUSE Bug 1103032
https://bugzilla.suse.com/1103040
SUSE Bug 1103040

Описание

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

Затронутые продукты

openSUSE Leap 15.2:libmspack-devel-0.6-lp152.6.3.1

openSUSE Leap 15.2:libmspack0-0.6-lp152.6.3.1

openSUSE Leap 15.2:libmspack0-32bit-0.6-lp152.6.3.1

openSUSE Leap 15.2:mspack-tools-0.6-lp152.6.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14681.html
CVE-2018-14681
https://bugzilla.suse.com/1102922
SUSE Bug 1102922
https://bugzilla.suse.com/1103032
SUSE Bug 1103032
https://bugzilla.suse.com/1103040
SUSE Bug 1103040

Описание

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Затронутые продукты

openSUSE Leap 15.2:libmspack-devel-0.6-lp152.6.3.1

openSUSE Leap 15.2:libmspack0-0.6-lp152.6.3.1

openSUSE Leap 15.2:libmspack0-32bit-0.6-lp152.6.3.1

openSUSE Leap 15.2:mspack-tools-0.6-lp152.6.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14682.html
CVE-2018-14682
https://bugzilla.suse.com/1102922
SUSE Bug 1102922
https://bugzilla.suse.com/1103032
SUSE Bug 1103032
https://bugzilla.suse.com/1103040
SUSE Bug 1103040

openSUSE-SU-2021:1200-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2018-14679

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-14681

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-14682

Описание

Затронутые продукты

Ссылки