Univention Bugzilla – Bug 48168
libmspack: Multiple issues (4.3)
Last modified: 2018-11-21 15:21:18 CET
New Debian libmspack 0.5-1.A~4.3.2.201811191242 fixes:

This update addresses the following issues:
* heap-based buffer overflow in mspack/lzxd.c (CVE-2017-6419)
* Stack-based buffer over-read in cabd_read_string function (CVE-2017-11423)
* off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679)
* off-by-one error in the CHM chunk number validity checks (CVE-2018-14680)
* Out-of-bounds Write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681)
* off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682)
* Out-of-bounds write in mspack/cab.h (CVE-2018-18584)
* chmd_read_headers() fails to reject filenames containing NULL bytes (CVE-2018-18585)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/libmspack_0.5-1.A~4.3.1.201808081421.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/libmspack_0.5-1.A~4.3.2.201811191242.dsc @@ -1,7 +1,17 @@ -0.5-1.A~4.3.1.201808081421 [Wed, 08 Aug 2018 14:21:26 +0200] Univention builddaemon <buildd@univention.de>: +0.5-1.A~4.3.2.201811191242 [Mon, 19 Nov 2018 12:45:35 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package +0.5-1+deb9u3 [Fri, 26 Oct 2018 19:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-18584 (Closes: #911640) + Fixing the size of the CAB block input buffer, which is too small + for the maximal Quantum block, prevents an out-of-bounds write. + * CVE-2018-18585 (Closes: #911637) + Blank filenames (having length zero or their 1st or 2nd byte is + null) should be rejected. + 0.5-1+deb9u2 [Thu, 02 Aug 2018 19:18:37 +0200] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: * Non-maintainer upload. <http://10.200.17.11/4.3-2/#4389772581064432223>
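Review bot: the added 0.5-1+deb9u3 entry describes CVE-2018-18585 as rejecting blank filenames "having length zero or their 1st or 2nd byte is null", which is narrower than the erratum summary's "filenames containing NULL bytes"; the erratum text should use the changelog's wording so readers do not assume every embedded null byte is rejected. The added lines also introduce only CVE-2018-18584 and CVE-2018-18585, so the erratum description should state which of the eight listed CVEs are newly fixed by this build and which were already covered by earlier uploads such as 0.5-1+deb9u2.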
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-2] dc5980d4f6 Bug #48168: libmspack 0.5-1.A~4.3.2.201811191242
 doc/errata/staging/libmspack.yaml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
<http://errata.software-univention.de/ucs/4.3/319.html>