Bugzilla – Bug 934525
VUL-1: CVE-2015-4467: cabextract,libmspack: denial of service while processing crafted CHM file (floating point exception)
Last modified: 2020-09-23 15:58:53 UTC
rh#1180175 The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file. References: https://bugzilla.redhat.com/show_bug.cgi?id=1180175 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4467 http://seclists.org/oss-sec/2015/q2/691 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774726#3 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774725 http://anonscm.debian.org/cgit/collab-maint/libmspack.git/commit/?id=a25bb144795e526748b57884daf365732c7e2295 http://anonscm.debian.org/cgit/collab-maint/libmspack.git/diff/debian/patches/fix-division-by-zero.patch?id=a25bb144795e526748b57884daf365732c7e2295 For SLE 11, this needs to be fixed libmspack and cabextract. For SLE 12, cabextract builds --with-external-libmspack, so only libmspack needs to be fixed.
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2015-07-10. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61986
bugbot adjusting priority
Taking fix-division-by-zero.patch from Debian.
The same is in the upstream as well: https://github.com/kyz/libmspack/commit/b3102f4707a32d60514c06c399c3be4caffd7f25
SLE12: https://build.suse.de/request/show/60400 https://build.suse.de/package/show/home:sbrabec:branches:libmspack-security/libmspack.SUSE_SLE-12_Update SLE11 and openSUSE will be prepared tomorrow.
Backport of this patch to SLE11 libmspack was easy and straightforward: https://build.suse.de/project/show/home:sbrabec:branches:libmspack-security-sle11
Done. https://build.suse.de/project/show/home:sbrabec:branches:libmspack-security-sle11 libmspack: https://build.suse.de/request/show/60558 cabextract: not affected CHM decompression is not implemented
SUSE-SU-2015:2215-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 934524,934525,934526,934527,934528,934529 CVE References: CVE-2014-9732,CVE-2015-4467,CVE-2015-4469,CVE-2015-4470,CVE-2015-4471,CVE-2015-4472 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for VMWare 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1
SUSE-SU-2016:0011-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 934524,934525,934526,934527,934528,934529 CVE References: CVE-2014-9732,CVE-2015-4467,CVE-2015-4468,CVE-2015-4469,CVE-2015-4470,CVE-2015-4471,CVE-2015-4472 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): libmspack-0.4-14.4 SUSE Linux Enterprise Software Development Kit 12 (src): libmspack-0.4-14.4 SUSE Linux Enterprise Server 12-SP1 (src): libmspack-0.4-14.4 SUSE Linux Enterprise Server 12 (src): libmspack-0.4-14.4 SUSE Linux Enterprise Desktop 12-SP1 (src): libmspack-0.4-14.4 SUSE Linux Enterprise Desktop 12 (src): libmspack-0.4-14.4
All supported code streams are fixed.