Bug 1113038 - (CVE-2018-18584) VUL-1: CVE-2018-18584: libmspack: CAB block input buffer extended by one byte to allow extra byte added after the block by cabd_sys_read_block
(CVE-2018-18584)
VUL-1: CVE-2018-18584: libmspack: CAB block input buffer extended by one byte...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/217869/
CVSSv2:NVD:CVE-2018-18584:4.3:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-24 07:14 UTC by Alexander Bergmann
Modified: 2020-10-27 15:27 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-10-24 07:14:48 UTC
CVE-2018-18584

FTR, three CVEs were assigned by MITRE, whereeas one is explicitly
marked as DISPUTED, because upstream makes clear in the changelog
entry, that the chmextract utility is more an example code how to use
the library rather than "productised" binaries. Still a CVE was
assigned for downstreams using it as such.

Upstream changelog:
2018-10-17  Stuart Caie <kyzer@cabextract.org.uk>
* cab.h: Make the CAB block input buffer one byte larger, to allow
a maximum-allowed-size input block and the special extra byte added
after the block by cabd_sys_read_block to help Quantum alignment.
Thanks to Henri Salo for reporting this.

Upstream fix:
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2

References:
https://www.openwall.com/lists/oss-security/2018/10/23/11
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18584
Comment 2 Swamp Workflow Management 2018-10-26 14:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (1113038) was mentioned in
https://build.opensuse.org/request/show/644862 15.0 / libmspack
https://build.opensuse.org/request/show/644863 42.3 / libmspack
Comment 4 Swamp Workflow Management 2018-10-29 09:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1113038) was mentioned in
https://build.opensuse.org/request/show/645188 15.0 / libmspack
https://build.opensuse.org/request/show/645191 42.3 / libmspack
Comment 5 Swamp Workflow Management 2018-10-29 12:42:17 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-11-12.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64167
Comment 6 Swamp Workflow Management 2018-10-30 11:13:32 UTC
openSUSE-SU-2018:3562-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1113038,1113039,1113040
CVE References: CVE-2018-18584,CVE-2018-18585,CVE-2018-18586
Sources used:
openSUSE Leap 42.3 (src):    libmspack-0.5-8.3.1
Comment 7 Swamp Workflow Management 2019-03-26 17:17:39 UTC
SUSE-SU-2019:0748-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1113038,1113039
CVE References: CVE-2018-18584,CVE-2018-18585
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    libmspack-0.6-3.3.11
SUSE Linux Enterprise Module for Basesystem 15 (src):    libmspack-0.6-3.3.11

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2019-03-27 14:26:57 UTC
SUSE-SU-2019:13992-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1113038,1113039
CVE References: CVE-2018-18584,CVE-2018-18585
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libmspack-0.0.20060920alpha-74.11.6.1
SUSE Linux Enterprise Server 11-SP4 (src):    libmspack-0.0.20060920alpha-74.11.6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libmspack-0.0.20060920alpha-74.11.6.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2020-09-22 19:19:07 UTC
SUSE-SU-2020:2711-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1113038,1113039,1130489,1141680
CVE References: CVE-2018-18584,CVE-2018-18585,CVE-2019-1010305
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libmspack-0.4-15.7.1
SUSE Linux Enterprise Server 12-SP5 (src):    libmspack-0.4-15.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Alexandros Toptsoglou 2020-10-27 15:27:37 UTC
DONE