FEDORA-2018-a5953af115

security update in Fedora 29 for cabextract and libmspack

Status: stable 9 months ago

Latest stable releases of libmspack and cabextract, including security fixes for CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584 and CVE-2018-18585.

Comments 21

This update has been submitted for testing by rdieter.

rdieter edited this update.

rdieter edited this update.

This update has been pushed to testing.

works for me

karma: +1

Works great! LGTM! =)

karma: +1

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

This update has been submitted for batched by rdieter.

corrupts extracted cab files. please see #1647033 (tested in F28, but probably affects all releases)

karma: -1

(please cancel the stable push request, thanks)

This update has been unpushed.

rdieter edited this update.

New build(s):

  • cabextract-1.9-1.fc29
  • libmspack-0.9.1-0.1.alpha.fc29

Removed build(s):

  • cabextract-1.8-1.fc29
  • libmspack-0.8-0.1.alpha.fc29

Karma has been reset.

This update has been submitted for testing by rdieter.

This update has been pushed to testing.

no regressions noted

karma: +1

seems to fix the corruption bug

karma: +1

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

This update has been submitted for batched by rdieter.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: +3 (stable threshold: 2, unstable threshold: -4)
Autopush (karma): Disabled
Autopush (time): Disabled
Dates:

  • submitted 10 months ago
  • in testing 9 months ago
  • in stable 9 months ago
  • modified 9 months ago

Related Bugs 10

  • #1610896 CVE-2018-14681 libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c
  • #1610897 CVE-2018-14681 libmspack: Out-of-bounds Write in kwajd_read_headers in mspack/kwajd.c [fedora-all]
  • #1610934 CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number validity checks
  • #1610936 CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number validity checks [fedora-all]
  • #1610941 CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression
  • #1610942 CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression [fedora-all]
  • #1644214 CVE-2018-18584 libmspack: Out-of-bounds write in mspack/cab.h
  • #1644215 CVE-2018-18585 libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes
  • #1644218 CVE-2018-18584 CVE-2018-18585 libmspack: various flaws [fedora-all]
  • #1644221 CVE-2018-18584 CVE-2018-18585 cabextract: various flaws [fedora-all]
