AXSA:2020-287:01

Release date: 
Friday, September 4, 2020 - 12:11
Subject: 
libmspack-0.7-0.3.alpha.el8.4
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft.

Security Fix(es):

* libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.2 Release Notes linked from the References section.

CVE-2019-1010305
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libmspack-0.7-0.3.alpha.el8.4.src.rpm
    MD5: 1ea7f6f9271f19fb249964837a71134a
    SHA-256: 214e10811b54a7e130c3944226177715256203f71064490692fac338b7b7e375
    Size: 405.85 kB

Asianux Server 8 for x86_64
  1. libmspack-0.7-0.3.alpha.el8.4.x86_64.rpm
    MD5: 9837cef32bcfad3cb8dcb094d3990ad8
    SHA-256: 8391ef3042ee53590eeeba3b215902f3c5cf24d2a057820317bb90ab26cfa934
    Size: 69.81 kB
  2. libmspack-0.7-0.3.alpha.el8.4.x86_64.rpm
    MD5: 9837cef32bcfad3cb8dcb094d3990ad8
    SHA-256: 8391ef3042ee53590eeeba3b215902f3c5cf24d2a057820317bb90ab26cfa934
    Size: 69.81 kB
  3. libmspack-0.7-0.3.alpha.el8.4.i686.rpm
    MD5: 79c78eddf96a885ab164c1a453dd9318
    SHA-256: 837f0e36971f50addfef56bf2097fb64c8eaf1d5f60d837a9824e4103017b347
    Size: 72.45 kB
  4. libmspack-0.7-0.3.alpha.el8.4.i686.rpm
    MD5: 79c78eddf96a885ab164c1a453dd9318
    SHA-256: 837f0e36971f50addfef56bf2097fb64c8eaf1d5f60d837a9824e4103017b347
    Size: 72.45 kB
Copyright© 2007-2015 Asianux. All rights reserved.