ALT-PU-2024-8946-3
Package cabextract updated to version 1.11-alt1 for branch p10 in task 350768.
Closed vulnerabilities
Published: 2018-10-22
BDU:2019-01362
Уязвимость библиотеки Libmspack и утилиты разархивации CAB-файлов СabExtract, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.6)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
References:
Published: 2018-10-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- RHSA-2019:2049
- RHSA-2019:2049
- https://bugs.debian.org/911640
- https://bugs.debian.org/911640
- https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
- https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
- [debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update
- [debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update
- GLSA-201903-20
- GLSA-201903-20
- USN-3814-1
- USN-3814-1
- USN-3814-2
- USN-3814-2
- USN-3814-3
- USN-3814-3
- https://www.cabextract.org.uk/#changes
- https://www.cabextract.org.uk/#changes
- https://www.openwall.com/lists/oss-security/2018/10/22/1
- https://www.openwall.com/lists/oss-security/2018/10/22/1
- https://www.starwindsoftware.com/security/sw-20181213-0001/
- https://www.starwindsoftware.com/security/sw-20181213-0001/