Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 22 Oct 2018 08:17:35 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8
 and libmspack 0.8 release)

New cabextract and libmspack fix a buffer overflow.
Notably libmspack is also used in clamav.

Forwarding the release notes here:

--------------------------

Hello all,

cabextract 1.8 has been released. It greatly improves its ability to 
extract damaged files with the "-f" option, and the cabinfo command has 
been rewritten.

It also fixes this bug:

* if a CAB file has a Quantum-compressed datablock with exactly 38912 
compressed bytes, cabextract will write exactly one byte beyond its 
input buffer.

cabextract can be downloaded from https://www.cabextract.org.uk/

SHA256 sums:

2d9b5ba24239ba6eac02bdee6f2fa208bb4d0a14c84ed81792fc35c213140f38 
cabextract-1.8-1.i386.rpm
54138e652fa0fa39e021d66b6315994f906cda965ddb786117f28276f135664e 
cabextract-1.8-1.src.rpm
082b8ec149babc9ae10b5d6568eb764c67e75c3cfc379b1211b88b980febebd7 
cabextract-1.8.tar.gz

libmspack 0.8alpha has also been released.

It adds the new parameter MSCABD_PARAM_SALVAGE which permits salvaging 
badly damaged files rather than rejecting them outright.

It fixes several bugs:

* the above 38912-byte Quantum CAB block bug
* libmspack now also rejects blank CHM filenames that are blank because 
they have embedded null bytes, not just because they are zero-length
* chmextract now protects you from absolute/relative pathnames in CHM
  files

libmspack can be downloaded from
https://www.cabextract.org.uk/libmspack/

SHA256 sum:

0533792e9561375a5fce1bc96bbc65ec778af486e0daa3803b226da9244addaf 
libmspack-0.8alpha.tar.gz

If you wish to patch an older version, please look at commits |8759da8, 
||7cadd48 and ||40ef1b4 in the git repository.|

Regards
Stuart



-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.