[SECURITY] [DLA-1460-1] libmspack security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA-1460-1] libmspack security update
From: Chris Lamb <lamby@debian.org>
Date: Mon, 06 Aug 2018 10:20:01 +0100
Message-id: <[🔎] 1533547201.902540.1464692776.58FB8534@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libmspack
Version        : 0.5-1+deb8u2
CVE ID         : CVE-2018-14681 CVE-2018-14682 CVE-2018-14679 CVE-2018-14680 
Debian Bugs    : #904799 #904800 #904801 #904802

It was discovered that there were several vulnerabilities in
libsmpack, a library used to handle Microsoft compression formats.

A remote attacker could craft malicious .CAB, .CHM or .KWAJ files
and use these flaws to cause a denial of service via application
crash, or potentially execute arbitrary code.

For Debian 8 "Jessie", this issue has been fixed in libmspack
version 0.5-1+deb8u2.

We recommend that you upgrade your libmspack packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltoETQACgkQHpU+J9Qx
HlgL0w/9GaWjzUE1vBQ5xIXkWNgdipZXBBDciAJIpzv4tybRSg1+qDuijtT4DujX
jHgihHZ3h6NZMJ1alRzLniG2Z1k9m5t9bBREyktsEKQMUohAHqcDKNbLX6cndVg6
8spukDIYeZE5dmvQLMA0jhvvOH6GADwk95tk/ebA2bESkUVA4J5xkNroALbGKrH5
yykysilXnzEXBDh8dJVH+vmes0YCpld05nVNabqCL94zKnqOLyMR8737N4hdJnZL
OX66xwyeTF4qQd5uPsRYgCJ89gwHE5BoVqnE4HbdgVwzmXZHZYelrp7HJ2/Xmhbt
MhtMAYFbwuK4fxwB1ZrwRDrX0LXMvM5hmUK6l5CzGX4P4k6yVvv3FVG9UlxDaeUi
HnTe68+JDNuG+am816irceHfvF9xRjjcKJEmNYeeFVUBFXBbaJQ4UwD68SCXSpL8
hdPvxHCDQOg8HNEH4w6NIJPO/O+emqmYLDEiCNOPcMrnWxzxbevAVPi8oBJcfJL9
jrDU2gpXuFY43pcxyHb8fz+sGOWgKnfaBl9i8Fh5LebtzYfzGq92bTLBdbH/VHVP
31iSPHxG1nyauem2IVPJNcZ2FcasH/e590a+tyepSdhgDdu+NwMVdXO+Xrbvkt6n
1zYKdXyc6aXuPXLm+xfyHaSlLpzYCO8WA4LQ095gzpvGhaeVrqU=
=cPhM
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1458-1] xml-security-c security update
Next by Date: [SECURITY] [DLA 1437-2] slurm-llnl regression update
Previous by thread: [SECURITY] [DLA 1458-1] xml-security-c security update
Next by thread: [SECURITY] [DLA 1437-2] slurm-llnl regression update
Index(es):
- Date
- Thread