| View previous topic :: View next topic |
| Author |
Message |
GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Mar 28, 2019 6:26 am Post subject: [ GLSA 201903-20 ] cabextract, libmspack |
 |
|
Gentoo Linux Security Advisory
Title: cabextract, libmspack: Multiple vulnerabilities (GLSA 201903-20)
Severity: normal
Exploitable: remote
Date: 2019-03-28
Bug(s): #662874, #669280
ID: 201903-20
Synopsis
Multiple vulnerabilities have been found in cabextract and
libmspack, the worst of which could result in a Denial of Service.
Background
cabextract is free software for extracting Microsoft cabinet files.libmspack is a portable library for some loosely related Microsoft
compression formats
Affected Packages
Package: app-arch/cabextract
Vulnerable: < 1.8
Unaffected: >= 1.8
Architectures: All supported architectures
Package: dev-libs/libmspack
Vulnerable: < 0.8_alpha
Unaffected: >= 0.8_alpha
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in cabextract and
libmspack. Please review the CVE identifiers referenced below for
details.
Impact
Please review the referenced CVE’s for details.
Workaround
There is no known workaround at this time.
Resolution
All cabextract users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/cabextract-1.8"
|
All libmspack users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libmspack-0.8_alpha"
|
References
CVE-2018-14679
CVE-2018-14680
CVE-2018-14681
CVE-2018-14682
CVE-2018-18584
CVE-2018-18585
CVE-2018-18586 |
|
| Back to top |
|
 |
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
News & Announcements
