libmspack (SL7)

By Scientific Linux Team on November 26, 2018

Synopsis: Low: libmspack security update
Advisory ID: SLSA-2018:3327-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-14679
CVE-2018-14681
CVE-2018-14680
CVE-2018-14682

Security Fix(es):

* libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity
checks (CVE-2018-14679)

* libmspack: off-by-one error in the CHM chunk number validity checks
(CVE-2018-14680)

* libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c
(CVE-2018-14681)

* libmspack: off-by-one error in the TOLOWER() macro for CHM decompression
(CVE-2018-14682)

SL7
x86_64
libmspack-0.5-0.6.alpha.el7.i686.rpm
libmspack-0.5-0.6.alpha.el7.x86_64.rpm
libmspack-debuginfo-0.5-0.6.alpha.el7.i686.rpm
libmspack-debuginfo-0.5-0.6.alpha.el7.x86_64.rpm
libmspack-devel-0.5-0.6.alpha.el7.i686.rpm
libmspack-devel-0.5-0.6.alpha.el7.x86_64.rpm

– Scientific Linux Development Team