Security update for libmspack SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:2215-1 Final 1 1 2015-12-07T14:08:59Z current 2015-12-07T14:08:59Z 2015-12-07T14:08:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libmspack libmspack was updated to fix several security vulnerabilities. - Fix null pointer dereference on a crafted CAB. (bsc#934524, CVE-2014-9732) - Fix denial of service while processing crafted CHM file. (bsc#934525, CVE-2015-4467) - Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472) - Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469) - Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470) - Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp3-libmspack-12249,sdksp4-libmspack-12249,sledsp3-libmspack-12249,sledsp4-libmspack-12249,slessp3-libmspack-12249,slessp4-libmspack-12249 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20152215-1/ Link for SUSE-SU-2015:2215-1 https://lists.suse.com/pipermail/sle-security-updates/2015-December/001720.html E-Mail link for SUSE-SU-2015:2215-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/934524 SUSE Bug 934524 https://bugzilla.suse.com/934525 SUSE Bug 934525 https://bugzilla.suse.com/934526 SUSE Bug 934526 https://bugzilla.suse.com/934527 SUSE Bug 934527 https://bugzilla.suse.com/934528 SUSE Bug 934528 https://bugzilla.suse.com/934529 SUSE Bug 934529 https://www.suse.com/security/cve/CVE-2014-9732/ SUSE CVE CVE-2014-9732 page https://www.suse.com/security/cve/CVE-2015-4467/ SUSE CVE CVE-2015-4467 page https://www.suse.com/security/cve/CVE-2015-4469/ SUSE CVE CVE-2015-4469 page https://www.suse.com/security/cve/CVE-2015-4470/ SUSE CVE CVE-2015-4470 page https://www.suse.com/security/cve/CVE-2015-4471/ SUSE CVE CVE-2015-4471 page https://www.suse.com/security/cve/CVE-2015-4472/ SUSE CVE CVE-2015-4472 page SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 libmspack-devel-0.0.20060920alpha-74.10.1 libmspack0-0.0.20060920alpha-74.10.1 libmspack0-0.0.20060920alpha-74.10.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 libmspack0-0.0.20060920alpha-74.10.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 libmspack0-0.0.20060920alpha-74.10.1 as a component of SUSE Linux Enterprise Server 11 SP3 libmspack0-0.0.20060920alpha-74.10.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA libmspack0-0.0.20060920alpha-74.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 libmspack0-0.0.20060920alpha-74.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 libmspack0-0.0.20060920alpha-74.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libmspack-devel-0.0.20060920alpha-74.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 libmspack-devel-0.0.20060920alpha-74.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive. CVE-2014-9732 SUSE Linux Enterprise Desktop 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP3:libmspack-devel-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmspack-devel-0.0.20060920alpha-74.10.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152215-1/ https://www.suse.com/security/cve/CVE-2014-9732.html CVE-2014-9732 https://bugzilla.suse.com/934524 SUSE Bug 934524 https://bugzilla.suse.com/934533 SUSE Bug 934533 The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file. CVE-2015-4467 SUSE Linux Enterprise Desktop 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP3:libmspack-devel-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmspack-devel-0.0.20060920alpha-74.10.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152215-1/ https://www.suse.com/security/cve/CVE-2015-4467.html CVE-2015-4467 https://bugzilla.suse.com/934524 SUSE Bug 934524 https://bugzilla.suse.com/934525 SUSE Bug 934525 https://bugzilla.suse.com/934529 SUSE Bug 934529 https://bugzilla.suse.com/934533 SUSE Bug 934533 The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file. CVE-2015-4469 SUSE Linux Enterprise Desktop 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP3:libmspack-devel-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmspack-devel-0.0.20060920alpha-74.10.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152215-1/ https://www.suse.com/security/cve/CVE-2015-4469.html CVE-2015-4469 https://bugzilla.suse.com/934524 SUSE Bug 934524 https://bugzilla.suse.com/934526 SUSE Bug 934526 https://bugzilla.suse.com/934529 SUSE Bug 934529 https://bugzilla.suse.com/934533 SUSE Bug 934533 Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive. CVE-2015-4470 SUSE Linux Enterprise Desktop 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP3:libmspack-devel-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmspack-devel-0.0.20060920alpha-74.10.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152215-1/ https://www.suse.com/security/cve/CVE-2015-4470.html CVE-2015-4470 https://bugzilla.suse.com/934527 SUSE Bug 934527 https://bugzilla.suse.com/934533 SUSE Bug 934533 Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive. CVE-2015-4471 SUSE Linux Enterprise Desktop 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP3:libmspack-devel-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmspack-devel-0.0.20060920alpha-74.10.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152215-1/ https://www.suse.com/security/cve/CVE-2015-4471.html CVE-2015-4471 https://bugzilla.suse.com/934528 SUSE Bug 934528 https://bugzilla.suse.com/934533 SUSE Bug 934533 Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file. CVE-2015-4472 SUSE Linux Enterprise Desktop 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Desktop 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libmspack0-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP3:libmspack-devel-0.0.20060920alpha-74.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libmspack-devel-0.0.20060920alpha-74.10.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152215-1/ https://www.suse.com/security/cve/CVE-2015-4472.html CVE-2015-4472 https://bugzilla.suse.com/934525 SUSE Bug 934525 https://bugzilla.suse.com/934529 SUSE Bug 934529 https://bugzilla.suse.com/934533 SUSE Bug 934533