Bugzilla – Bug 934528
VUL-1: CVE-2015-4471: cabextract,libmspack: off-by-one buffer under-read in mspack/lzxd.c
Last modified: 2017-03-06 12:23:59 UTC
Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive. References: https://bugzilla.redhat.com/show_bug.cgi?id=1196153 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4471 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775499 https://github.com/kyz/libmspack/commit/18b6a2cc0b87536015bedd4f7763e6b02d5aa4f3 For SLE 11, this needs to be fixed libmspack and cabextract. For SLE 12, cabextract builds --with-external-libmspack, so only libmspack needs to be fixed.
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2015-07-10. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61986
bugbot adjusting priority
libmspack-lzxd_decompress-underread.patch https://build.suse.de/package/show/home:sbrabec:branches:libmspack-security/libmspack.SUSE_SLE-12_Update
SLE12: https://build.suse.de/request/show/60400 SLE11 and openSUSE will be prepared tomorrow.
Patch applied seamlessly to SLE11 libmspack: https://build.suse.de/project/show/home:sbrabec:branches:libmspack-security-sle11
Done. https://build.suse.de/project/show/home:sbrabec:branches:libmspack-security-sle11 libmspack: https://build.suse.de/request/show/60558 cabextract: https://build.suse.de/request/show/60560
SUSE-SU-2015:2131-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 934524,934527,934528 CVE References: CVE-2014-9556,CVE-2014-9732,CVE-2015-4470,CVE-2015-4471 Sources used: SUSE Linux Enterprise Desktop 11-SP4 (src): cabextract-1.2-2.12.1 SUSE Linux Enterprise Desktop 11-SP3 (src): cabextract-1.2-2.12.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): cabextract-1.2-2.12.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): cabextract-1.2-2.12.1
SUSE-SU-2015:2215-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 934524,934525,934526,934527,934528,934529 CVE References: CVE-2014-9732,CVE-2015-4467,CVE-2015-4469,CVE-2015-4470,CVE-2015-4471,CVE-2015-4472 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for VMWare 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): libmspack-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): libmspack-0.0.20060920alpha-74.10.1
SUSE-SU-2016:0011-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 934524,934525,934526,934527,934528,934529 CVE References: CVE-2014-9732,CVE-2015-4467,CVE-2015-4468,CVE-2015-4469,CVE-2015-4470,CVE-2015-4471,CVE-2015-4472 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): libmspack-0.4-14.4 SUSE Linux Enterprise Software Development Kit 12 (src): libmspack-0.4-14.4 SUSE Linux Enterprise Server 12-SP1 (src): libmspack-0.4-14.4 SUSE Linux Enterprise Server 12 (src): libmspack-0.4-14.4 SUSE Linux Enterprise Desktop 12-SP1 (src): libmspack-0.4-14.4 SUSE Linux Enterprise Desktop 12 (src): libmspack-0.4-14.4
It seems to be fixed long time ago. All SLE versions are fixed. All openSUSE versions contain versions newer than libmspack-0.4-3.