[SECURITY] [DLA 2805-1] libmspack security update

2021-10-3119:33:51

lists.debian.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

48.0%

JSON

Debian LTS Advisory DLA-2805-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
October 31, 2021 https://wiki.debian.org/LTS

Package : libmspack
Version : 0.5-1+deb9u4
CVE ID : CVE-2019-1010305

Opening a crafted chm file could result in a buffer overflow in libmspack,
a library for Microsoft compression formats.

For Debian 9 stretch, this problem has been fixed in version
0.5-1+deb9u4.

We recommend that you upgrade your libmspack packages.

For the detailed security status of libmspack please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libmspack

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8i386libmspack-dev< 0.5-1+deb8u4libmspack-dev_0.5-1+deb8u4_i386.deb
Debian9i386libmspack-dev< 0.5-1+deb9u4libmspack-dev_0.5-1+deb9u4_i386.deb
Debian9armhflibmspack0< 0.5-1+deb9u4libmspack0_0.5-1+deb9u4_armhf.deb
Debian8armellibmspack0< 0.5-1+deb8u4libmspack0_0.5-1+deb8u4_armel.deb
Debian8alllibmspack< 0.5-1+deb8u4libmspack_0.5-1+deb8u4_all.deb
Debian9alllibmspack< 0.5-1+deb9u4libmspack_0.5-1+deb9u4_all.deb
Debian9amd64libmspack-dbg< 0.5-1+deb9u4libmspack-dbg_0.5-1+deb9u4_amd64.deb
Debian9alllibmspack-doc< 0.5-1+deb9u4libmspack-doc_0.5-1+deb9u4_all.deb
Debian9armellibmspack-dbg< 0.5-1+deb9u4libmspack-dbg_0.5-1+deb9u4_armel.deb
Debian9amd64libmspack-dev< 0.5-1+deb9u4libmspack-dev_0.5-1+deb9u4_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	libmspack-dev	< 0.5-1+deb8u4	libmspack-dev_0.5-1+deb8u4_i386.deb
Debian	9	i386	libmspack-dev	< 0.5-1+deb9u4	libmspack-dev_0.5-1+deb9u4_i386.deb
Debian	9	armhf	libmspack0	< 0.5-1+deb9u4	libmspack0_0.5-1+deb9u4_armhf.deb
Debian	8	armel	libmspack0	< 0.5-1+deb8u4	libmspack0_0.5-1+deb8u4_armel.deb
Debian	8	all	libmspack	< 0.5-1+deb8u4	libmspack_0.5-1+deb8u4_all.deb
Debian	9	all	libmspack	< 0.5-1+deb9u4	libmspack_0.5-1+deb9u4_all.deb
Debian	9	amd64	libmspack-dbg	< 0.5-1+deb9u4	libmspack-dbg_0.5-1+deb9u4_amd64.deb
Debian	9	all	libmspack-doc	< 0.5-1+deb9u4	libmspack-doc_0.5-1+deb9u4_all.deb
Debian	9	armel	libmspack-dbg	< 0.5-1+deb9u4	libmspack-dbg_0.5-1+deb9u4_armel.deb
Debian	9	amd64	libmspack-dev	< 0.5-1+deb9u4	libmspack-dev_0.5-1+deb9u4_amd64.deb