Latest stable releases of libmspack and cabextract, includes security fixes for CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585

How to install

sudo dnf upgrade --advisory=FEDORA-2018-cb337fb199

This update has been submitted for testing by rdieter.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon kparal commented & provided feedback 2 years ago
karma

corrupts extracted cab files. please see #1647033

This update has been unpushed.

rdieter edited this update.

New build(s):

  • cabextract-1.9-1.fc28
  • libmspack-0.9.1-0.1.alpha.fc28

Removed build(s):

  • cabextract-1.8-1.fc28
  • libmspack-0.8-0.1.alpha.fc28

Karma has been reset.

2 years ago

This update has been submitted for testing by rdieter.

2 years ago

rdieter edited this update.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon filiperosset commented & provided feedback 2 years ago
karma

no regressions noted

User Icon kparal commented & provided feedback 2 years ago
karma

seems to fix the corruption bug

BZ#1647033 libmspack-0.8-0.1.alpha corrupts extracted cab files

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

2 years ago

This update has been submitted for batched by rdieter.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-4
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1610896 CVE-2018-14681 libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c
0
0
BZ#1610897 CVE-2018-14681 libmspack: Out-of-bounds Write in kwajd_read_headers in mspack/kwajd.c [fedora-all]
0
0
BZ#1610934 CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number validity checks
0
0
BZ#1610936 CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number validity checks [fedora-all]
0
0
BZ#1610941 CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression
0
0
BZ#1610942 CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression [fedora-all]
0
0
BZ#1644214 CVE-2018-18584 libmspack: Out-of-bounds write in mspack/cab.h
0
0
BZ#1644215 CVE-2018-18585 libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes
0
0
BZ#1644218 CVE-2018-18584 CVE-2018-18585 libmspack: various flaws [fedora-all]
0
0
BZ#1644221 CVE-2018-18584 CVE-2018-18585 cabextract: various flaws [fedora-all]
0
0
BZ#1647033 libmspack-0.8-0.1.alpha corrupts extracted cab files
0
1

Automated Test Results