openSUSE-SU-2022:0069-2

Опубликовано: 18 фев. 2022

Источник: suse-cvrf

Описание

Security update for libmspack

This update for libmspack fixes the following issues:

CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection (bsc#1113040).

Список пакетов

openSUSE Leap 15.4

libmspack-devel-0.6-3.14.1

libmspack0-0.6-3.14.1

libmspack0-32bit-0.6-3.14.1

mspack-tools-0.6-3.14.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OUTOW52AMZBWLZJOXYYD2UOLF2KPJEKX/
E-Mail link for openSUSE-SU-2022:0069-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1113040
SUSE Bug 1113040
https://www.suse.com/security/cve/CVE-2018-18586/
SUSE CVE CVE-2018-18586 page

Описание

** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.

Затронутые продукты

openSUSE Leap 15.4:libmspack-devel-0.6-3.14.1

openSUSE Leap 15.4:libmspack0-0.6-3.14.1

openSUSE Leap 15.4:libmspack0-32bit-0.6-3.14.1

openSUSE Leap 15.4:mspack-tools-0.6-3.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18586.html
CVE-2018-18586
https://bugzilla.suse.com/1113038
SUSE Bug 1113038
https://bugzilla.suse.com/1113039
SUSE Bug 1113039
https://bugzilla.suse.com/1113040
SUSE Bug 1113040

openSUSE-SU-2022:0069-2

Описание

Список пакетов

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2018-18586

Описание

Затронутые продукты

Ссылки