Lucene search

K
centosCentOS ProjectCESA-2020:3848
HistoryOct 20, 2020 - 6:22 p.m.

libmspack security update

2020-10-2018:22:57
CentOS Project
lists.centos.org
406
libmspack
security update
buffer overflow
chmd_read_headers
microsoft
centos
cve-2019-1010305
red hat enterprise linux 7.9
cab file format
compression
extraction

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

56.6%

CentOS Errata and Security Advisory CESA-2020:3848

The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft.

Security Fix(es):

  • libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/032825.html

Affected packages:
libmspack
libmspack-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:3848

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

56.6%