Latest stable releases of libmspack and cabextract, includes security fixes for CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585

How to install

sudo dnf upgrade --advisory=FEDORA-2018-c73d257297

This update has been submitted for testing by rdieter.

2 years ago

rdieter edited this update.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon cserpentis commented & provided feedback 2 years ago
karma

works for me in a VM

User Icon kparal commented & provided feedback 2 years ago
karma

corrupts extracted cab files. please see #1647033 (tested in F28, but probably affects all releases)

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago

This update has been unpushed.

rdieter edited this update.

New build(s):

  • cabextract-1.9-1.fc27
  • libmspack-0.9.1-0.1.alpha.fc27

Removed build(s):

  • cabextract-1.8-1.fc27
  • libmspack-0.8-0.1.alpha.fc27

Karma has been reset.

2 years ago

This update has been submitted for testing by rdieter.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon filiperosset commented & provided feedback 2 years ago
karma

no regressions noted

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for batched by rdieter.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-4
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1610896 CVE-2018-14681 libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c
0
0
BZ#1610897 CVE-2018-14681 libmspack: Out-of-bounds Write in kwajd_read_headers in mspack/kwajd.c [fedora-all]
0
0
BZ#1610934 CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number validity checks
0
0
BZ#1610936 CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number validity checks [fedora-all]
0
0
BZ#1610941 CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression
0
0
BZ#1610942 CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression [fedora-all]
0
0
BZ#1644214 CVE-2018-18584 libmspack: Out-of-bounds write in mspack/cab.h
0
0
BZ#1644215 CVE-2018-18585 libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes
0
0
BZ#1644218 CVE-2018-18584 CVE-2018-18585 libmspack: various flaws [fedora-all]
0
0
BZ#1644221 CVE-2018-18584 CVE-2018-18585 cabextract: various flaws [fedora-all]
0
0

Automated Test Results