Message-ID: <20181022081735.1d940b71@computer>
Date: Mon, 22 Oct 2018 08:17:35 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release)

New cabextract and libmspack fix a buffer overflow. Notably libmspack is
also used in clamav.

Forwarding the release notes here:

--------------------------

Hello all,

cabextract 1.8 has been released. It greatly improves its ability to
extract damaged files with the "-f" option, and the cabinfo command has
been rewritten. It also fixes this bug:

* if a CAB file has a Quantum-compressed datablock with exactly 38912
  compressed bytes, cabextract will write exactly one byte beyond its
  input buffer.

cabextract can be downloaded from https://www.cabextract.org.uk/

SHA256 sums:
2d9b5ba24239ba6eac02bdee6f2fa208bb4d0a14c84ed81792fc35c213140f38  cabextract-1.8-1.i386.rpm
54138e652fa0fa39e021d66b6315994f906cda965ddb786117f28276f135664e  cabextract-1.8-1.src.rpm
082b8ec149babc9ae10b5d6568eb764c67e75c3cfc379b1211b88b980febebd7  cabextract-1.8.tar.gz

libmspack 0.8alpha has also been released. It adds the new parameter
MSCABD_PARAM_SALVAGE which permits salvaging badly damaged files rather
than rejecting them outright. It fixes several bugs:

* the above 38912-byte Quantum CAB block bug
* libmspack now also rejects blank CHM filenames that are blank because
  they have embedded null bytes, not just because they are zero-length
* chmextract now protects you from absolute/relative pathnames in CHM
  files

libmspack can be downloaded from https://www.cabextract.org.uk/libmspack/

SHA256 sum:
0533792e9561375a5fce1bc96bbc65ec778af486e0daa3803b226da9244addaf  libmspack-0.8alpha.tar.gz

If you wish to patch an older version, please look at commits 8759da8,
7cadd48 and 40ef1b4 in the git repository.

Regards
Stuart

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
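The two CHM fixes in the release notes (blank names that are blank only because of an embedded null byte, and absolute/relative pathnames in CHM entries) describe a check any extractor should make before turning an archive entry name into an output path. The following is an added example, not libmspack's or cabextract's own code; the function names, return codes and the treatment of '\' as a path separator are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not libmspack's own code. It applies the two CHM hardening
 * rules from the release notes to a directory entry before its name is used
 * as an output path: names that are blank, including blank only because of
 * an embedded NUL, are refused, and absolute or parent-relative paths are
 * neutralised by dropping leading separators and "." / ".." components.
 * `len` is the length recorded in the CHM directory, which can differ from
 * strlen() when the name contains NUL bytes. Treating '\' as a separator
 * is an assumption of this example.
 * Returns 0 and fills `out` on success, -1 for a blank or NUL-containing
 * name (or one that is empty after sanitising), -2 if `out` is too small. */
int chm_safe_output_name(const unsigned char *name, size_t len,
                         char *out, size_t outsz) {
    size_t i, start = 0, o = 0;

    if (len == 0) return -1;
    for (i = 0; i < len; i++)
        if (name[i] == '\0') return -1;          /* embedded NUL: refuse */

    /* Walk the components; CHM names normally start with '/'. */
    for (i = 0; i <= len; i++) {
        if (i < len && name[i] != '/' && name[i] != '\\') continue;
        size_t clen = i - start;
        int skip = clen == 0
                || (clen == 1 && name[start] == '.')
                || (clen == 2 && name[start] == '.' && name[start + 1] == '.');
        if (!skip) {
            size_t need = o + (o > 0) + clen + 1;   /* '/' + component + NUL */
            if (need > outsz) return -2;
            if (o > 0) out[o++] = '/';
            memcpy(out + o, name + start, clen);
            o += clen;
        }
        start = i + 1;
    }
    if (o == 0) return -1;                       /* nothing left, e.g. "/../" */
    out[o] = '\0';
    return 0;
}

/* Yes/no helper for NUL-free names: does `name` sanitise to `expect`? */
int chm_name_sanitises_to(const char *name, const char *expect) {
    char buf[256];
    if (chm_safe_output_name((const unsigned char *)name, strlen(name),
                             buf, sizeof buf) != 0) return 0;
    return strcmp(buf, expect) == 0;
}
```

A name such as "/../../etc/passwd" sanitises to "etc/passwd", while "\0abc" and "/../" are refused outright.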