
Test ID: 1.3.6.1.4.1.25623.1.1.10.2018.0455
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2018-0455)
Summary: The remote host is missing an update for the 'cabextract, libmspack' package(s) announced via the MGASA-2018-0455 advisory.
Description:
Summary:
The remote host is missing an update for the 'cabextract, libmspack' package(s) announced via the MGASA-2018-0455 advisory.

Vulnerability Insight:
Hanno Böck discovered that libmspack incorrectly handled certain CHM
files. An attacker could possibly use this issue to cause a denial of
service (CVE-2018-14679, CVE-2018-14680).

Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ
files. An attacker could possibly use this issue to execute arbitrary
code (CVE-2018-14681).

Dmitry Glavatskikh discovered that libmspack incorrectly handled certain CHM
files. An attacker could possibly use this issue to execute arbitrary
code (CVE-2018-14682).

If a CAB file has a Quantum-compressed datablock with exactly 38912
compressed bytes, cabextract would write exactly one byte beyond its
input buffer (CVE-2018-18584).

libmspack didn't reject CHM filenames that are blank because they
have embedded null bytes, not just because they are zero-length
(CVE-2018-18585).

chmextract didn't protect against absolute/relative pathnames in CHM files
(CVE-2018-18586).

Affected Software/OS:
'cabextract, libmspack' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-14679
Debian Security Information: DSA-4260
https://www.debian.org/security/2018/dsa-4260
https://security.gentoo.org/glsa/201903-20
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://bugs.debian.org/904802
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html
RedHat Security Advisories: RHSA-2018:3327
https://access.redhat.com/errata/RHSA-2018:3327
RedHat Security Advisories: RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3505
http://www.securitytracker.com/id/1041410
https://usn.ubuntu.com/3728-1/
https://usn.ubuntu.com/3728-2/
https://usn.ubuntu.com/3728-3/
https://usn.ubuntu.com/3789-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-14680
https://bugs.debian.org/904801
Common Vulnerability Exposure (CVE) ID: CVE-2018-14681
https://bugs.debian.org/904799
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
Common Vulnerability Exposure (CVE) ID: CVE-2018-14682
https://bugs.debian.org/904800
https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
Common Vulnerability Exposure (CVE) ID: CVE-2018-18584
https://bugs.debian.org/911640
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
https://www.cabextract.org.uk/#changes
https://www.openwall.com/lists/oss-security/2018/10/22/1
https://www.starwindsoftware.com/security/sw-20181213-0001/
https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html
RedHat Security Advisories: RHSA-2019:2049
https://access.redhat.com/errata/RHSA-2019:2049
https://usn.ubuntu.com/3814-1/
https://usn.ubuntu.com/3814-2/
https://usn.ubuntu.com/3814-3/
Common Vulnerability Exposure (CVE) ID: CVE-2018-18585
https://bugs.debian.org/911637
https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
https://www.starwindsoftware.com/security/sw-20181213-0002/
Common Vulnerability Exposure (CVE) ID: CVE-2018-18586
https://bugs.debian.org/911639
https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d
Copyright: Copyright (C) 2022 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.