[SECURITY] [DLA-1460-1] libmspack security update

2018-08-06T09:20:01
ID DEBIAN:DLA-1460-1:BB975
Type debian
Reporter Debian
Modified 2018-08-06T09:20:01

Description

Package : libmspack Version : 0.5-1+deb8u2 CVE ID : CVE-2018-14681 CVE-2018-14682 CVE-2018-14679 CVE-2018-14680 Debian Bugs : #904799 #904800 #904801 #904802

It was discovered that there were several vulnerabilities in libsmpack, a library used to handle Microsoft compression formats.

A remote attacker could craft malicious .CAB, .CHM or .KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.

For Debian 8 "Jessie", this issue has been fixed in libmspack version 0.5-1+deb8u2.

We recommend that you upgrade your libmspack packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      lamby@debian.org / chris-lamb.co.uk
   `-