Several security issues were fixed in libmspack.

==========================================================================
Ubuntu Security Notice USN-7788-1
October 01, 2025

libmspack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libmspack.

Software Description:
- libmspack: library for Microsoft compression formats

Details:

Jakub Wilk discovered that libmspack did not correctly handle certain integer operations and bounds checking. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-4467, CVE-2015-4468, CVE-2015-4469, CVE-2015-4472)

It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2017-11423)

It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-6419)

Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14679, CVE-2018-14680)

Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14681)

Dmitry Glavatskikh discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14682)

It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18585)

It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information. (CVE-2019-1010305)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS
  libmspack-dev   0.4-1ubuntu0.1~esm2   Available with Ubuntu Pro
  libmspack-doc   0.4-1ubuntu0.1~esm2   Available with Ubuntu Pro
  libmspack0      0.4-1ubuntu0.1~esm2   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7788-1
  CVE-2015-4467, CVE-2015-4468, CVE-2015-4469, CVE-2015-4472, CVE-2017-11423, CVE-2017-6419, CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18585, CVE-2019-1010305

Several security issues in libmspack can lead to denial of service or arbitrary code execution. Update recommended!
Ubuntu 14.04 LTS, libmspack, security issues.
Severity: Critical.
LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4287-1
Rating:             moderate
References:         #1113040
Cross-References:   CVE-2018-18586
CVSS scores:
                    CVE-2018-18586 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

Description:

This update for libmspack fixes the following issues:

- CVE-2018-18586: Add leading slash protection to chmextract. (bsc#1113040)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:

  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4287=1

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4287=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

  libmspack-debugsource-0.4-15.13.1
  libmspack-devel-0.4-15.13.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  libmspack-debugsource-0.4-15.13.1
  libmspack0-0.4-15.13.1
  libmspack0-debuginfo-0.4-15.13.1

References:

  https://www.suse.com/security/cve/CVE-2018-18586.html
  https://bugzilla.suse.com/1113040

SUSE Security Patch for libmspack addresses CVE-2018-18586; a moderate-impact fix is advised for vulnerable installations.
SUSE Update, Libmspack Security, SUSEAdvisory, Patch Instructions.
LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0069-2
Rating:             low
References:         #1113040
Cross-References:   CVE-2018-18586
CVSS scores:
                    CVE-2018-18586 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

Description:

This update for libmspack fixes the following issues:

- CVE-2018-18586: Fixed directory traversal in chmextract by adding anti "../" and leading slash protection (bsc#1113040).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:

  zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-69=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

  libmspack-debugsource-0.6-3.14.1
  libmspack-devel-0.6-3.14.1
  libmspack0-0.6-3.14.1
  libmspack0-debuginfo-0.6-3.14.1

References:

  https://www.suse.com/security/cve/CVE-2018-18586.html
  https://bugzilla.suse.com/1113040

SUSE Security Patch for libmspack: Resolution for a path traversal vulnerability assessed with a minor severity level.
SUSE Security Update, libmspack Update, Directory Traversal Patch.
Severity: Low.
LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0069-2
Rating:             low
References:         #1113040
Cross-References:   CVE-2018-18586
CVSS scores:
                    CVE-2018-18586 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    openSUSE Leap 15.4
______________________________________________________________________________

Description:

This update for libmspack fixes the following issues:

- CVE-2018-18586: Fixed directory traversal in chmextract by adding anti "../" and leading slash protection (bsc#1113040).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-69=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  libmspack-debugsource-0.6-3.14.1
  libmspack-devel-0.6-3.14.1
  libmspack0-0.6-3.14.1
  libmspack0-debuginfo-0.6-3.14.1
  mspack-tools-0.6-3.14.1
  mspack-tools-debuginfo-0.6-3.14.1

- openSUSE Leap 15.4 (x86_64):

  libmspack0-32bit-0.6-3.14.1
  libmspack0-32bit-debuginfo-0.6-3.14.1

References:

  https://www.suse.com/security/cve/CVE-2018-18586.html
  https://bugzilla.suse.com/1113040

Learn how to resolve directory traversal vulnerabilities in libmspack on openSUSE with this comprehensive step-by-step installation guide.
openSUSE Security Update, Libmspack Patch, Directory Traversal Fix.
Severity: Critical.
LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0069-1
Rating:             low
References:         #1113040
Cross-References:   CVE-2018-18586
CVSS scores:
                    CVE-2018-18586 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

Description:

This update for libmspack fixes the following issues:

- CVE-2018-18586: Fixed directory traversal in chmextract by adding anti "../" and leading slash protection (bsc#1113040).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-69=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

  libmspack-debugsource-0.6-3.14.1
  libmspack-devel-0.6-3.14.1
  libmspack0-0.6-3.14.1
  libmspack0-debuginfo-0.6-3.14.1
  mspack-tools-0.6-3.14.1
  mspack-tools-debuginfo-0.6-3.14.1

- openSUSE Leap 15.3 (x86_64):

  libmspack0-32bit-0.6-3.14.1
  libmspack0-32bit-debuginfo-0.6-3.14.1

References:

  https://www.suse.com/security/cve/CVE-2018-18586.html
  https://bugzilla.suse.com/1113040

openSUSE Security Update for libmspack addresses critical directory traversal vulnerability. Advisory Reference: openSUSE-SU-2022:0070-1.
openSUSE Security Update, libmspack Fix, Directory Traversal Patch.
Severity: Low.
LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0069-1
Rating:             low
References:         #1113040
Cross-References:   CVE-2018-18586
CVSS scores:
                    CVE-2018-18586 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE MicroOS 5.1
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

Description:

This update for libmspack fixes the following issues:

- CVE-2018-18586: Fixed directory traversal in chmextract by adding anti "../" and leading slash protection (bsc#1113040).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.1:

  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-69=1

- SUSE MicroOS 5.0:

  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-69=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-69=1

Package List:

- SUSE MicroOS 5.1 (x86_64):

  libmspack-debugsource-0.6-3.14.1
  libmspack0-0.6-3.14.1
  libmspack0-debuginfo-0.6-3.14.1

- SUSE MicroOS 5.0 (x86_64):

  libmspack-debugsource-0.6-3.14.1
  libmspack0-0.6-3.14.1
  libmspack0-debuginfo-0.6-3.14.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

  libmspack-debugsource-0.6-3.14.1
  libmspack-devel-0.6-3.14.1
  libmspack0-0.6-3.14.1
  libmspack0-debuginfo-0.6-3.14.1

References:

  https://www.suse.com/security/cve/CVE-2018-18586.html
  https://bugzilla.suse.com/1113040

SUSE issues a minor severity bulletin regarding libmspack, addressing directory traversal security flaws. Adhere to the provided patch guidelines.
SUSE MicroOS Update, Directory Traversal Patch, libmspack Fix, Linux Security Patch.
Severity: Low.
LinuxSecurity.com Team

Opening a crafted chm file could result in a buffer overflow in libmspack, a library for Microsoft compression formats. For Debian 9 stretch, this problem has been fixed in version .

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2805-1

An update that fixes three vulnerabilities is now available.

openSUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1200-1
Rating:             moderate
References:         #1103032
Cross-References:   CVE-2018-14679 CVE-2018-14681 CVE-2018-14682
CVSS scores:
                    CVE-2018-14679 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2018-14679 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
                    CVE-2018-14681 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-14681 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
                    CVE-2018-14682 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-14682 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

Description:

This update for libmspack fixes the following issues:

- CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032)
- CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032)
- CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-1200=1

Package List:

- openSUSE Leap 15.2 (i586 x86_64):

  libmspack-debugsource-0.6-lp152.6.3.1
  libmspack-devel-0.6-lp152.6.3.1
  libmspack0-0.6-lp152.6.3.1
  libmspack0-debuginfo-0.6-lp152.6.3.1
  mspack-tools-0.6-lp152.6.3.1
  mspack-tools-debuginfo-0.6-lp152.6.3.1

- openSUSE Leap 15.2 (x86_64):

  libmspack0-32bit-0.6-lp152.6.3.1
  libmspack0-32bit-debuginfo-0.6-lp152.6.3.1

References:

  https://www.suse.com/security/cve/CVE-2018-14679.html
  https://www.suse.com/security/cve/CVE-2018-14681.html
  https://www.suse.com/security/cve/CVE-2018-14682.html
  https://bugzilla.suse.com/1103032

OpenSUSE Security Patch for libmspack fixes four vulnerabilities classified as moderate risk. Urgent measures advised.
openSUSE, libmspack update, security patch, moderate severity, vulnerability fix.
LinuxSecurity.com Team