ALT-BU-2018-3527-1
Branch p7 update bulletin.
Closed vulnerabilities
BDU:2020-01873
Уязвимость функции kwajd_read_headers библиотеки Libmspack и утилиты разархивации CAB-файлов СabExtract, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2007-0899
There is a possible heap overflow in libclamav/fsg.c before 0.100.0.
Modified: 2024-11-21
CVE-2018-0360
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
- 1041367
- 1041367
- https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
- https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
- [debian-lts-announce] 20180820 [SECURITY] [DLA 1461-1] clamav security update
- [debian-lts-announce] 20180820 [SECURITY] [DLA 1461-1] clamav security update
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-12/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-12/
- GLSA-201904-12
- GLSA-201904-12
- USN-3722-1
- USN-3722-1
- USN-3722-2
- USN-3722-2
Modified: 2024-11-21
CVE-2018-0361
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
- 1041367
- 1041367
- https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
- https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
- [debian-lts-announce] 20180820 [SECURITY] [DLA 1461-1] clamav security update
- [debian-lts-announce] 20180820 [SECURITY] [DLA 1461-1] clamav security update
- GLSA-201904-12
- GLSA-201904-12
Modified: 2024-11-21
CVE-2018-14680
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- 1041410
- RHSA-2018:3327
- RHSA-2018:3505
- https://bugs.debian.org/904801
- https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
- [debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update
- GLSA-201903-20
- USN-3728-1
- USN-3728-2
- USN-3728-3
- USN-3789-2
- DSA-4260
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- DSA-4260
- USN-3789-2
- USN-3728-3
- USN-3728-2
- USN-3728-1
- GLSA-201903-20
- [debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update
- https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
- https://bugs.debian.org/904801
- RHSA-2018:3505
- RHSA-2018:3327
- 1041410
Modified: 2024-11-21
CVE-2018-14681
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- 1041410
- RHSA-2018:3327
- RHSA-2018:3505
- https://bugs.debian.org/904799
- https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
- [debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update
- GLSA-201903-20
- USN-3728-1
- USN-3728-2
- USN-3728-3
- USN-3789-2
- DSA-4260
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- DSA-4260
- USN-3789-2
- USN-3728-3
- USN-3728-2
- USN-3728-1
- GLSA-201903-20
- [debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update
- https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
- https://bugs.debian.org/904799
- RHSA-2018:3505
- RHSA-2018:3327
- 1041410
Modified: 2024-11-21
CVE-2018-14682
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- 1041410
- RHSA-2018:3327
- RHSA-2018:3505
- https://bugs.debian.org/904800
- https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
- [debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update
- GLSA-201903-20
- USN-3728-1
- USN-3728-2
- USN-3728-3
- USN-3789-2
- DSA-4260
- http://www.openwall.com/lists/oss-security/2018/07/26/1
- DSA-4260
- USN-3789-2
- USN-3728-3
- USN-3728-2
- USN-3728-1
- GLSA-201903-20
- [debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update
- https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
- https://bugs.debian.org/904800
- RHSA-2018:3505
- RHSA-2018:3327
- 1041410
Modified: 2024-11-21
CVE-2018-15378
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.
- https://bugzilla.clamav.net/show_bug.cgi?id=12170
- https://bugzilla.clamav.net/show_bug.cgi?id=12170
- [debian-lts-announce] 20181024 [SECURITY] [DLA 1553-1] clamav security update
- [debian-lts-announce] 20181024 [SECURITY] [DLA 1553-1] clamav security update
- 83000
- 83000
- GLSA-201904-12
- GLSA-201904-12
- USN-3789-1
- USN-3789-1
- USN-3789-2
- USN-3789-2
- https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html
- https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html
Closed bugs
Обновить clamav