oss-sec mailing list archives
Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release)
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 22 Oct 2018 08:17:35 +0200
New cabextract and libmspack fix a buffer overflow. Notably libmspack is also used in clamav. Forwarding the release notes here: -------------------------- Hello all, cabextract 1.8 has been released. It greatly improves its ability to extract damaged files with the "-f" option, and the cabinfo command has been rewritten. It also fixes this bug: * if a CAB file has a Quantum-compressed datablock with exactly 38912 compressed bytes, cabextract will write exactly one byte beyond its input buffer. cabextract can be downloaded from https://www.cabextract.org.uk/ SHA256 sums: 2d9b5ba24239ba6eac02bdee6f2fa208bb4d0a14c84ed81792fc35c213140f38 cabextract-1.8-1.i386.rpm 54138e652fa0fa39e021d66b6315994f906cda965ddb786117f28276f135664e cabextract-1.8-1.src.rpm 082b8ec149babc9ae10b5d6568eb764c67e75c3cfc379b1211b88b980febebd7 cabextract-1.8.tar.gz libmspack 0.8alpha has also been released. It adds the new parameter MSCABD_PARAM_SALVAGE which permits salvaging badly damaged files rather than rejecting them outright. It fixes several bugs: * the above 38912-byte Quantum CAB block bug * libmspack now also rejects blank CHM filenames that are blank because they have embedded null bytes, not just because they are zero-length * chmextract now protects you from absolute/relative pathnames in CHM files libmspack can be downloaded from https://www.cabextract.org.uk/libmspack/ SHA256 sum: 0533792e9561375a5fce1bc96bbc65ec778af486e0daa3803b226da9244addaf libmspack-0.8alpha.tar.gz If you wish to patch an older version, please look at commits |8759da8, ||7cadd48 and ||40ef1b4 in the git repository.| Regards Stuart -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Current thread:
- Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Hanno Böck (Oct 21)
- Re: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Salvatore Bonaccorso (Oct 23)