Two security issues

Debian Bug report logs - #591552
Two security issues

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Two security issues

Date: Tue, 03 Aug 2010 17:07:38 -0400

Package: cabextract
Version: 1.2-4
Severity: grave
Tags: security

The following was sent to us by Red Hat:

1, Infinite loop in MS-ZIP and Quantum decoders (minor issue):
(CVE-2010-2800)

A deficiency has been reported in the way cabextract extracted
certain Cabinet (*.cab) files, using the MZ-ZIP and Quantum decompressors.
If a local user was tricked into opening a specially-crafted *.cab
file, it could lead to infinite loop.

References:
  [1] http://bugs.gentoo.org/show_bug.cgi?id=329891

Upstream patches:
  [2] http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90
  [3] http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95
  [4] http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/

2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode
(CVE-2010-2801)

An integer wrap-around flaw has been reported in the way cabextract processed
certain Cabinet (*.cab) archive files. If a local user was tricked into opening
a specially-crafted *.cab archive in test archive mode, it could lead to cabextract
executable crash.

References:
  [1] http://bugs.gentoo.org/show_bug.cgi?id=329891

Upstream patches:
  [2] http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113
  [3] http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118

I'll update CVE-2010-2801 for stable-security, CVE-2010-2800 is borderline of a security
issue.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages cabextract depends on:
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib

cabextract recommends no packages.

cabextract suggests no packages.

-- no debconf information

Message #10 received at 591552@bugs.debian.org (full text, mbox, reply):

From: Eric Sharkey <eric@lisaneric.org>

To: Moritz Muehlenhoff <jmm@debian.org>, 591552@bugs.debian.org

Subject: Re: Bug#591552: Two security issues

Date: Tue, 3 Aug 2010 17:27:01 -0400

I'm aware of these issues and will be uploading a new cabextract
package shortly.

I'd just like to note that the potential for security vulnerabilities
here seems very small to me.

Eric Sharkey
sharkey@debian.org

Message #15 received at 591552-close@bugs.debian.org (full text, mbox, reply):

From: Eric Sharkey <sharkey@debian.org>

To: 591552-close@bugs.debian.org

Subject: Bug#591552: fixed in cabextract 1.3-1

Date: Wed, 04 Aug 2010 04:17:23 +0000

Source: cabextract
Source-Version: 1.3-1

We believe that the bug you reported is fixed in the latest version of
cabextract, which is due to be installed in the Debian FTP archive:

cabextract_1.3-1.debian.tar.gz
  to main/c/cabextract/cabextract_1.3-1.debian.tar.gz
cabextract_1.3-1.dsc
  to main/c/cabextract/cabextract_1.3-1.dsc
cabextract_1.3-1_i386.deb
  to main/c/cabextract/cabextract_1.3-1_i386.deb
cabextract_1.3.orig.tar.gz
  to main/c/cabextract/cabextract_1.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 591552@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eric Sharkey <sharkey@debian.org> (supplier of updated cabextract package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 03 Aug 2010 23:38:56 -0400
Source: cabextract
Binary: cabextract
Architecture: source i386
Version: 1.3-1
Distribution: unstable
Urgency: low
Maintainer: Eric Sharkey <sharkey@debian.org>
Changed-By: Eric Sharkey <sharkey@debian.org>
Description: 
 cabextract - a program to extract Microsoft Cabinet files
Closes: 591552
Changes: 
 cabextract (1.3-1) unstable; urgency=low
 .
   * New upstream version: Closes: #591552
Checksums-Sha1: 
 7550c147052db27aadbe923fbb50e9471e7b243c 993 cabextract_1.3-1.dsc
 f00ffc4168855b7ef684594614f7242d77540441 218454 cabextract_1.3.orig.tar.gz
 c73861ac8401489b7b7ef5d86d0aaf410a26f7f2 6997 cabextract_1.3-1.debian.tar.gz
 7c8e5474e1f5d33c85272bc21448513bbbc3e594 48970 cabextract_1.3-1_i386.deb
Checksums-Sha256: 
 27320c7d581edb226ce5291199609c6fda28ee1915340077d6403cc10651fdd7 993 cabextract_1.3-1.dsc
 3b62086d0e7b5fd2d649dac09b7cacb36c02acaff5bbfcea5fffe48cd1bc1739 218454 cabextract_1.3.orig.tar.gz
 7b931203203fba13f7d4623386aeb76b8906ca5e7f10f0d239e1355e7650d65f 6997 cabextract_1.3-1.debian.tar.gz
 cccc69e48bd866859930c6fae7d05f83070bf600a3c6e7be64a723aa2942f24a 48970 cabextract_1.3-1_i386.deb
Files: 
 e78c4cc4b035a81aa3b2cbaf93f308a3 993 utils optional cabextract_1.3-1.dsc
 dd520b9d6896a963b01f19c647d5f206 218454 utils optional cabextract_1.3.orig.tar.gz
 dbc2e021683001adc15cc7fb0fc12bf1 6997 utils optional cabextract_1.3-1.debian.tar.gz
 d29d76365ab3c19042c7761e1752ebf7 48970 utils optional cabextract_1.3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkxY5LUACgkQclUlAyIk+ryGUQCdHtF/yJX3eD6Ok6fdnt/4BSEv
uugAoJKb3z4urXNqWp2RMvqUpphK8ilD
=VS15
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.