libmspack-0.5-0.7.alpha.el7
エラータID: AXSA:2019-4006:01
The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft.
Security Fix(es):
* libmspack: Out-of-bounds write in mspack/cab.h (CVE-2018-18584)
* libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes (CVE-2018-18585)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
CVE-2018-18585
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
Update packages.
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
N/A
SRPMS
- libmspack-0.5-0.7.alpha.el7.src.rpm
MD5: 9f2b597a59de7749bbb5ae2e4a8a515e
SHA-256: a9748be5526c87b00a8698668302737acc135d39d10c8aa2d7eaabfe608dbdc4
Size: 656.72 kB
Asianux Server 7 for x86_64
- libmspack-0.5-0.7.alpha.el7.x86_64.rpm
MD5: 9eb8845c2689c8d4a71208436544f6e8
SHA-256: 22ae79ce3f8f085c79f64949f3b21c4af40631433a216d3554fc60d648dc44be
Size: 63.37 kB - libmspack-devel-0.5-0.7.alpha.el7.x86_64.rpm
MD5: 95ccbb5003e5fce0221185c85170dda6
SHA-256: 22508cfdf1f317981806a4509359c1f1fe3f0fcfea715aa74bb3c6f4afa017f6
Size: 160.56 kB - libmspack-0.5-0.7.alpha.el7.i686.rpm
MD5: 269ba1119725a177b73961f4f7f38827
SHA-256: 1a5272c3812befa359d01a4b187727d215d14d68d150308dd64e8894bf1221f3
Size: 63.93 kB