SUSE SLED15 / SLES15 Security Update : libmspack (SUSE-SU-2019:0748-1)

This update for libmspack fixes the following issues : Security issues fixed : CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. bsc1113038 CVE-2018-18585: chmdreadheaders accepted a filename that has '\0' as its...

CVE-2018-18584

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write...