Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Debian 8: DLA-1555-1 Moderate: Libmspack Out-Of-Bounds Write Fix

debian lts
Calendar Grey October 26, 2018
Dist Debian Esm H88
Urgent patch release for libmspack addressing buffer overflow vulnerabilities and input sanitation flaws in Debian 8 Jessie.
CVE-2018-18584 Fixing the size of the CAB block input buffer, which is too small for the maximal Quantum block, prevents an out-of-bounds write

Summary

CVE-2018-18585
Blank filenames (having length zero or their 1st or 2nd byte is
null) should be rejected.


For Debian 8 "Jessie", these problems have been fixed in version
0.5-1+deb8u3.

We recommend that you upgrade your libmspack packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Package: libmspack
Version: 0.5-1+deb8u3
CVE ID: CVE-2018-18584 CVE-2018-18585

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.