cabextract, libmspack: Multiple vulnerabilities — GLSA 201903-20

Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service.

Affected packages

app-arch/cabextract on all architectures
  Affected versions: < 1.8
  Unaffected versions: >= 1.8

dev-libs/libmspack on all architectures
  Affected versions: < 0.8_alpha
  Unaffected versions: >= 0.8_alpha

Background

cabextract is free software for extracting Microsoft cabinet files.

libmspack is a portable library for some loosely related Microsoft compression formats.

Description

Multiple vulnerabilities have been discovered in cabextract and libmspack. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVEs for details.

Workaround

There is no known workaround at this time.

Resolution

All cabextract users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-arch/cabextract-1.8"

All libmspack users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/libmspack-0.8_alpha"

References

Release date
March 28, 2019

Latest revision
March 28, 2019: 1

Severity
normal

Exploitable
remote

Bugzilla entries