Sicherheit: Zwei Probleme in libmspack

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7048549779219875983==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="ogQlwA80QpLxvGVjctOEuBbVkGqHScwWp"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ogQlwA80QpLxvGVjctOEuBbVkGqHScwWp
Content-Type: multipart/mixed;
boundary="r8tWeEp8tqAx96oB4dNsPGuffb03aScqj";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <f4aa573e-5487-b713-5c58-a9327a2221bb@canonical.com>
Subject: [USN-3394-1] libmspack vulnerabilities

--r8tWeEp8tqAx96oB4dNsPGuffb03aScqj
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3394-1
August 17, 2017

libmspack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in libmspack.

Software Description:
- libmspack: library for Microsoft compression formats

Details:

It was discovered that libmspack incorrectly handled certain malformed CHM
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-6419)

It was discovered that libmspack incorrectly handled certain malformed CAB
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service. (CVE-2017-6419)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
libmspack0 0.5-1ubuntu0.17.04.1

Ubuntu 16.04 LTS:
libmspack0 0.5-1ubuntu0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3394-1
CVE-2017-11423, CVE-2017-6419

Package Information:
https://launchpad.net/ubuntu/+source/libmspack/0.5-1ubuntu0.17.04.1
https://launchpad.net/ubuntu/+source/libmspack/0.5-1ubuntu0.16.04.1

--r8tWeEp8tqAx96oB4dNsPGuffb03aScqj--

--ogQlwA80QpLxvGVjctOEuBbVkGqHScwWp
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJZldRrAAoJEGVp2FWnRL6TXuQP/1onyoCI8cAOaK+amcNqf8pa
4d0wclMraHS7m7xRRwlZwJC5v/2r6etZ6Yzhdwko5x+6DVLN+jP3EfzJayHFdC+p
DBtQkYfACBkXGrkRL1sSssOzQLRUQeIfUx/s0JgmTKVASTxE2mLe3GbwBwfni10u
8Ks1GJE89Ab0ctSgCu012zZwQaOGfhlgq2wWwGbX8RezkIpWKV0m1HNtiA89gQZw
E6ZLkuXSC7usEWXqN6+2GSxtK5MY8TRxBZJygXst8N3RnzLmgRm+PauBaGfUYCX5
xY34MJ+72UsED/VLjbgzAd4h1j9vWIIMlIcNLmBzim8xyOPsusQN9HFqBEO0zMn/
nPt3lnSDPbZC+eeFIeKY5gNgd4FcIu9YOyKipgyJqW/OQ0bHkdxoyqYXExVQV7mm
eanuTWi8YDValju8QAmphZth2MUynYC7LCdQ0i3S9OwgHbo5Qfhu14V9iDgx3nbg
vzb8UlDm5eAnObIGWfcEPDJoSudTlnXHrMpA9R/LD5jrdzRMD9dk12r9+t9DbkSk
0e+JZC9gcuxut/ZVbZJuVHBNJ4m1blVqfrbcKPNEHXjTKZo1o9uRXPCVMqCK+2pm
X+Q29Xig10zpgGd4DpT60pbkMXJHiKdqT8ehtM5Y+rJuQEK+UQw930p1D/yzGoz7
JxjdfpDBTPco4nQklh4L
=Mbsi
-----END PGP SIGNATURE-----

--ogQlwA80QpLxvGVjctOEuBbVkGqHScwWp--

--===============7048549779219875983==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7048549779219875983==--