gcab-0.7-4.el7

エラータID: AXSA:2018-2581:01

Release date: 
Tuesday, February 27, 2018 - 04:48
Subject: 
gcab-0.7-4.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The gcab package contains a utility for managing the Cabinet archives. It can list, extract, and create Microsoft cabinet (.cab) files.

Security Fix(es):

* gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution (CVE-2018-5345)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-5345
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be
exploited by malicious attackers to cause a crash or, potentially,
execute arbitrary code via a crafted .cab file.

Solution: 

Update packages.

CVEs: 
CVE-2018-5345
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
Additional Info: 

N/A

Download: 

SRPMS
  1. gcab-0.7-4.el7.src.rpm
    MD5: 5d3895a7857c94ca8d051ffe18556a88
    SHA-256: ac15d0933500bd8cd5b8118f8052f93cf31d573468f78cb5ff69c39e90b470d4
    Size: 335.56 kB

Asianux Server 7 for x86_64
  1. libgcab1-0.7-4.el7.x86_64.rpm
    MD5: ce48e5577f3cd475a47dc4a4afcad9a0
    SHA-256: fc4bcbe676949ceb7e7ee3b86469578ef541d26d649d26c1877eb58fd642d2dd
    Size: 64.63 kB
  2. libgcab1-devel-0.7-4.el7.x86_64.rpm
    MD5: 457bd629eb5213c2a8229e105af1104d
    SHA-256: 6f57e9951e5efe7a1eef114f61c37213b358e3a962d76c10448b947cbc58b718
    Size: 28.29 kB
  3. libgcab1-0.7-4.el7.i686.rpm
    MD5: a8bb38d46bd015872a19c924ff60bf90
    SHA-256: e19356939c8ed00e15f702c86d78995654067e60bb6eadca73ce7c9c48bd0822
    Size: 64.16 kB
  4. libgcab1-devel-0.7-4.el7.i686.rpm
    MD5: 9b821180f7c10fac35ca4ee34b666888
    SHA-256: a827188009e8ae092a56b7a24e8c2cddc3b8dde8db77d34e8ab332c6f397ac09
    Size: 28.32 kB