UbuntuUpdates.org

Package "libmspack0"

Name: libmspack0

Description:

library for Microsoft compression formats (shared library)

Latest version: 0.5-1ubuntu0.16.04.4
Release: xenial (16.04)
Level: security
Repository: main
Head package: libmspack
Homepage: http://www.cabextract.org.uk/libmspack/

Links


Download "libmspack0"


Other versions of "libmspack0" in Xenial

Repository Area Version
base main 0.5-1
updates main 0.5-1ubuntu0.16.04.4

Changelog

Version: 0.5-1ubuntu0.16.04.4 2019-07-18 23:07:06 UTC

  libmspack (0.5-1ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-1010305.patch: length checks when looking
      for control files in mspack/chmd.c.
    - CVE-2019-1010305

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 17 Jul 2019 12:04:22 -0300

Source diff to previous version
CVE-2019-1010305 libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmsp

Version: 0.5-1ubuntu0.16.04.3 2018-11-12 11:06:23 UTC

  libmspack (0.5-1ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-18585.patch: Ensure file names are valid in chmd.c
    - CVE-2018-18585
  * SECURITY UPDATE: One byte buffer overflow -
    - debian/patches/CVE-2018-18584.patch: Ensure input buffer is large
      enough in cab.h
    - CVE-2018-18584

 -- Alex Murray <email address hidden> Fri, 09 Nov 2018 10:35:47 +1030

Source diff to previous version
CVE-2018-18585 chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0"
CVE-2018-18584 In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum bloc

Version: 0.5-1ubuntu0.16.04.2 2018-08-01 20:06:53 UTC

  libmspack (0.5-1ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch:
      fix in chmd.c.
    - CVE-2018-14679
    - CVE-2018-14680
  * SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
    - debian/patches/CVE-2018-14681.patch: fix in Makefile.am,
      mspack/kwajd.c, test/kwajd_test.c and add some files
      for test propose in test_files/kwajd/f*.kwj.
    - CVE-2018-14681
  * SECURITY UPDATE: Off-by-one error
    - debian/patches/CVE-2018-14682.patch: fix in mspack/chmd.c.
    - CVE-2018-14682

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 01 Aug 2018 11:29:49 -0300

Source diff to previous version
CVE-2018-14679 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks
CVE-2018-14680 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14681 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or tw
CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Version: 0.5-1ubuntu0.16.04.1 2017-08-17 18:06:42 UTC
No changelog available yet.



About   -   Send Feedback to @ubuntu_updates