Bugzilla – Bug 934527
VUL-1: CVE-2015-4470: cabextract,libmspack: off-by-one buffer over-read in mspack/mszipd.c
Last modified: 2017-03-06 11:59:27 UTC
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive. References: https://bugzilla.redhat.com/show_bug.cgi?id=1196157 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4470 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775498 For SLE 11, this needs to be fixed libmspack and cabextract. For SLE 12, cabextract builds --with-external-libmspack, so only libmspack needs to be fixed.
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2015-07-10. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61986
bugbot adjusting priority
This looks like a fix: https://github.com/kyz/libmspack/commit/3673b713d15bbd3ce564b8e313a121bad23aa362 Naming the patch as libmspack-mszipd-inflate-off-by-one.patch.
SLE12: https://build.suse.de/request/show/60400 https://build.suse.de/package/show/home:sbrabec:branches:libmspack-security/libmspack.SUSE_SLE-12_Update SLE11 and openSUSE will be prepared tomorrow.
Patch applied seamlessly to SLE11 libmspack: https://build.suse.de/project/show/home:sbrabec:branches:libmspack-security-sle11
Done. https://build.suse.de/project/show/home:sbrabec:branches:libmspack-security-sle11 libmspack: https://build.suse.de/request/show/60558 cabextract: https://build.suse.de/request/show/60560
SUSE-SU-2015:2131-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 934524,934527,934528 CVE References: CVE-2014-9556,CVE-2014-9732,CVE-2015-4470,CVE-2015-4471 Sources used: SUSE Linux Enterprise Desktop 11-SP4 (src): cabextract-1.2-2.12.1 SUSE Linux Enterprise Desktop 11-SP3 (src): cabextract-1.2-2.12.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): cabextract-1.2-2.12.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): cabextract-1.2-2.12.1
SUSE-SU-2015:2215-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 934524,934525,934526,934527,934528,934529 CVE References: CVE-2014-9732,CVE-2015-4467,CVE-2015-4469,CVE-2015-4470,CVE-2015-4471,CVE-2015-4472 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for VMWare 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1
It seems to be fixed long time ago. All SLE versions are fixed. All openSUSE versions contain versions newer than libmspack-0.4-3.