Debian Bug report logs -
#911640
libmspack: CVE-2018-18584: CAB block input buffer is one byte too small for maximal Quantum block
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 22 Oct 2018 22:12:09 UTC
Severity: important
Tags: patch, security, upstream
Found in versions libmspack/0.5-1, libmspack/0.5-1+deb9u2, libmspack/0.7-1
Fixed in versions libmspack/0.8-1, libmspack/0.5-1+deb9u3
Done: Thorsten Alteholz <debian@alteholz.de>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Marc Dequènes (Duck) <Duck@DuckCorp.org>:
Bug#911640; Package src:libmspack.
(Mon, 22 Oct 2018 22:12:12 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Marc Dequènes (Duck) <Duck@DuckCorp.org>.
(Mon, 22 Oct 2018 22:12:12 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libmspack
Version: 0.5-1
Severity: important
Tags: patch security upstream
Hi
From https://www.openwall.com/lists/oss-security/2018/10/22/1
> if a CAB file has a Quantum-compressed datablock with exactly 38912
> compressed bytes, cabextract will write exactly one byte beyond its
> input buffer.
Fix: https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
Regards,
Salvatore
Marked as found in versions libmspack/0.5-1+deb9u2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 22 Oct 2018 22:15:05 GMT) (full text, mbox, link).
Marked as found in versions libmspack/0.7-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 22 Oct 2018 22:15:05 GMT) (full text, mbox, link).
Changed Bug title to 'libmspack: CVE-2018-18584: CAB block input buffer is one byte too small for maximal Quantum block' from 'libmspack: CAB block input buffer is one byte too small for maximal Quantum block'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 23 Oct 2018 06:12:02 GMT) (full text, mbox, link).
Reply sent
to Marc Dequènes (Duck) <Duck@DuckCorp.org>:
You have taken responsibility.
(Wed, 24 Oct 2018 01:39:10 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Wed, 24 Oct 2018 01:39:10 GMT) (full text, mbox, link).
Message #16 received at 911640-close@bugs.debian.org (full text, mbox, reply):
Source: libmspack
Source-Version: 0.8-1
We believe that the bug you reported is fixed in the latest version of
libmspack, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 911640@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marc Dequènes (Duck) <Duck@DuckCorp.org> (supplier of updated libmspack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 24 Oct 2018 10:03:13 +0900
Source: libmspack
Binary: libmspack0 libmspack-dev libmspack-doc
Architecture: source amd64 all
Version: 0.8-1
Distribution: unstable
Urgency: medium
Maintainer: Marc Dequènes (Duck) <Duck@DuckCorp.org>
Changed-By: Marc Dequènes (Duck) <Duck@DuckCorp.org>
Description:
libmspack-dev - library for Microsoft compression formats (development files)
libmspack-doc - library for Microsoft compression formats (documentation)
libmspack0 - library for Microsoft compression formats (shared library)
Closes: 911637 911639 911640
Changes:
libmspack (0.8-1) unstable; urgency=medium
.
* New upstream release:
+ CVE-2018-18585 (Closes: #911637)
+ CVE-2018-18584 (Closes: #911640)
+ CVE-2018-18586 (Closes: #911639)
Checksums-Sha1:
451257a0dc726672b88ea37a881a77ab1c749d86 2012 libmspack_0.8-1.dsc
43b01cb13f70ad3a273ab4edbe7a7298b35dd59e 488869 libmspack_0.8.orig.tar.gz
93c82f4502677f2bdacf2026e6e86426bacce1b6 3328 libmspack_0.8-1.debian.tar.xz
611a9600c776da89158bb64acc62a8d7f905e334 66600 libmspack-dev_0.8-1_amd64.deb
dfa1ecfbd448809ba6a47b9d8aad360d93a4cab8 329376 libmspack-doc_0.8-1_all.deb
3fa5b5b0d0000d1d49e924dac0c2e2000375d371 98644 libmspack0-dbgsym_0.8-1_amd64.deb
395a3bdfbe93870500c53e69106698731b6f6950 48204 libmspack0_0.8-1_amd64.deb
7bdc9e6cb29a131ba9e6a60b3ee49f206d92993d 7805 libmspack_0.8-1_amd64.buildinfo
Checksums-Sha256:
6e97b6a49db065d76e9c27cc329af48230d7bd7e03903b087f7be5973db7b573 2012 libmspack_0.8-1.dsc
0533792e9561375a5fce1bc96bbc65ec778af486e0daa3803b226da9244addaf 488869 libmspack_0.8.orig.tar.gz
1779726c5bfd7c8b882d7e4abf755800b5bc4aea118a69a79bf7b958e55fddc4 3328 libmspack_0.8-1.debian.tar.xz
726561bda64248dee539ea7ced7e080e3d4eaa37430c310482a508bd7c339ada 66600 libmspack-dev_0.8-1_amd64.deb
897a7051fb914c41da4b965304b2be7794b6198181231a0fe68fdc68b97d9044 329376 libmspack-doc_0.8-1_all.deb
a1f155e392259cea8b96f63b99aee8b625cbeca1006eb3b3e6fb6d7e1b3a764a 98644 libmspack0-dbgsym_0.8-1_amd64.deb
f7a911bf784a615ca7f2dcd6e241c0991ac5ddfff2037da1cd0639c01833bffd 48204 libmspack0_0.8-1_amd64.deb
09049f9e7feb52f66360b4248de9e4ea5d4480a53ec679847f9c5965ff5e1a17 7805 libmspack_0.8-1_amd64.buildinfo
Files:
3051a7d4d60a415efed41ccad9a34d3b 2012 libs optional libmspack_0.8-1.dsc
be4ed61868c6c1ecc173b678ce3459be 488869 libs optional libmspack_0.8.orig.tar.gz
20f03bdf943dccb67c78c793d1f0f3be 3328 libs optional libmspack_0.8-1.debian.tar.xz
9aeeee08c49881c346e1d0cafc19df28 66600 libdevel optional libmspack-dev_0.8-1_amd64.deb
d339bc7d06d0e5603ca37c9e8955f1b0 329376 doc optional libmspack-doc_0.8-1_all.deb
6cb61ede4edabf038d43cfeb35b9bb2a 98644 debug optional libmspack0-dbgsym_0.8-1_amd64.deb
57cb3a2a5429df5d8bbfc0405fac356a 48204 libs optional libmspack0_0.8-1_amd64.deb
6bf5b76fae5b041b834a809fe97ecea2 7805 libs optional libmspack_0.8-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEcpcqg+UmRT3yiF+BVen596wcRD8FAlvPx5EACgkQVen596wc
RD+NMA//c8riD79aK9TMMzLGuiaQMfQaALjxydo2cJEYMw8uT6jKdI7z7aGJxAV5
3/FI8RbOlDJZnfMa0ouR8J4ulh46Ug59Pwt32de8ewHY0R5z702nttShcbKcXc1t
8uJy9VxMb/zdBVBZbOTc1FKAEqc8fgT9J0aynSokVGVG9CSMVzxWqwbJ6C2G9Z8+
A8j4NmkuTmHtIWeRrE5JzRb1dz2lcxwTpN9Co2J9EEp1mb2I2RGIxzz+ORBYuo6y
9aZsItoHgEN4GBqDyNLUeTb4OFqDnToMxhhgRRycsoruAdFk2416N1LhWuuKLCSH
Gei7bg7cmMEhLi5yHPsnzCdSS6iebtli7PZCCKiqWf11InovXE7S+yEeAzOe5DGF
Tl7K3WSy1sK6nXx4Ano5Vc6gsW3aRvfkKZG/+8A0hnEM+oSuXRBqJooWcXoJo28Y
U1TU66TXMj7lGvCek4+fs/Pzj7Uh4zY8fZ6aFU7aKKh/IbO1m+oGIe/GiNM5YpPu
8zF63o+C2vx6i9bV24yYyD7FwezqQrY+kMPpTwaAJehyb28HveCh0+g5j45E34eL
GfoZaa0vbED+iL5PpSE70SYZGFZ2LBqSmfMUQxI683GUpJyNKr/9QNc7i0EbGW4q
jz63tXtG8+dMufbpf8uGicmDaOy9fhVW6jJNnEf4ep/O89YdrAA=
=kh/S
-----END PGP SIGNATURE-----
Reply sent
to Thorsten Alteholz <debian@alteholz.de>:
You have taken responsibility.
(Thu, 01 Nov 2018 19:57:45 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Thu, 01 Nov 2018 19:57:45 GMT) (full text, mbox, link).
Message #21 received at 911640-close@bugs.debian.org (full text, mbox, reply):
Source: libmspack
Source-Version: 0.5-1+deb9u3
We believe that the bug you reported is fixed in the latest version of
libmspack, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 911640@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated libmspack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Oct 2018 19:03:02 +0200
Source: libmspack
Binary: libmspack0 libmspack-dev libmspack-dbg libmspack-doc
Architecture: source amd64 all
Version: 0.5-1+deb9u3
Distribution: stretch
Urgency: high
Maintainer: Marc Dequènes (Duck) <Duck@DuckCorp.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
libmspack-dbg - library for Microsoft compression formats (debugging symbols)
libmspack-dev - library for Microsoft compression formats (development files)
libmspack-doc - library for Microsoft compression formats (documentation)
libmspack0 - library for Microsoft compression formats (shared library)
Closes: 911637 911640
Changes:
libmspack (0.5-1+deb9u3) stretch; urgency=high
.
* Non-maintainer upload by the LTS Team.
* CVE-2018-18584 (Closes: #911640)
Fixing the size of the CAB block input buffer, which is too small
for the maximal Quantum block, prevents an out-of-bounds write.
* CVE-2018-18585 (Closes: #911637)
Blank filenames (having length zero or their 1st or 2nd byte is
null) should be rejected.
Checksums-Sha1:
6123d845d3d64a60c6695eb45ee9ad6a848164fc 2265 libmspack_0.5-1+deb9u3.dsc
226f19b1fc58e820671a1749983b06896e108cc4 654193 libmspack_0.5.orig.tar.gz
7797a99abb491f8f62de314e4902c689187eec08 8020 libmspack_0.5-1+deb9u3.debian.tar.xz
887d8421bdc25454f628686c1af98a4048dcd681 89308 libmspack-dbg_0.5-1+deb9u3_amd64.deb
c4ee410f8f4782543ea57e2a7819caaf724ab25f 64614 libmspack-dev_0.5-1+deb9u3_amd64.deb
d3d6e3ba6297f2a700b907981a43e14683861cee 101106 libmspack-doc_0.5-1+deb9u3_all.deb
d9b6525e1ba2d97bef78e6ca45282cf0cfc58e20 46316 libmspack0_0.5-1+deb9u3_amd64.deb
5060762c88b4eb9c8b08645b6c4fd920ed6c8826 6776 libmspack_0.5-1+deb9u3_amd64.buildinfo
Checksums-Sha256:
6c0360afe8783609ecd27a049e670bf6cda911e2a64a47498bc8d131844b70c7 2265 libmspack_0.5-1+deb9u3.dsc
8967f275525f5067b364cee43b73e44d0433668c39f9376dfff19f653d1c8110 654193 libmspack_0.5.orig.tar.gz
dd7f68e70b356f32e4a4a6efac7d40dafae69bb17b80018da90076c9cbfb82d3 8020 libmspack_0.5-1+deb9u3.debian.tar.xz
6936a7045056fcc3bca19adafbf642096d1ebe7f9c9f58e199818c1a2ad67bbe 89308 libmspack-dbg_0.5-1+deb9u3_amd64.deb
293d993d1404559d05efdc081db3a58ecabd5845cd2eebaf2a169d98129de00f 64614 libmspack-dev_0.5-1+deb9u3_amd64.deb
0a0c1252f1292df880296bfe8d6be6c1cd6a9c1c4d671b982b147b62e9d31561 101106 libmspack-doc_0.5-1+deb9u3_all.deb
4ccd429b6ac18541b87b1b6b667f4ac5ffbdb28622e2a705967eedf42f822936 46316 libmspack0_0.5-1+deb9u3_amd64.deb
8e51125ca0f37ea07a633eec4668460c612ceacd7c28fa3b6058dc3340560c4a 6776 libmspack_0.5-1+deb9u3_amd64.buildinfo
Files:
4817efaef272bf44fb04f2f8e046065d 2265 libs optional libmspack_0.5-1+deb9u3.dsc
3aa3f6b9ef101463270c085478fda1da 654193 libs optional libmspack_0.5.orig.tar.gz
4d29195ed633024179ce9cdad71c5dd8 8020 libs optional libmspack_0.5-1+deb9u3.debian.tar.xz
5f5025e976ff3249f6d5a8e9639e1b15 89308 debug extra libmspack-dbg_0.5-1+deb9u3_amd64.deb
93fa350b17c33ba25fd5bce9f5ff6ef3 64614 libdevel optional libmspack-dev_0.5-1+deb9u3_amd64.deb
03f878972efa022e8a16e4a181739d96 101106 doc optional libmspack-doc_0.5-1+deb9u3_all.deb
706d7b030e07e6d2786a60d14056da78 46316 libs optional libmspack0_0.5-1+deb9u3_amd64.deb
3af8399f04cc951ae08fa09e208e1825 6776 libs optional libmspack_0.5-1+deb9u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlvXBn5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR2UzD/4ysjwhbublUNRkB9uEO+LtmHAjJQ5E
Nl1lubQQXkSMbHEKQi2T/Iw2uZdfp1Tzv6VeBFey6LrC+zbN2hT/TyZVytb62k5G
TkLCwKi40dlulFBBhXUQdpBhF6DlAQf3RuvJ5pG55jFr10o10AnfVM644SqZougZ
dzjv+QzatY6tFmGR0uvCHVZHZ5P2VHZx0amA2VMJErQH4Q4/ajyEGCpyJJpK16td
n0ubf0kcrzfP+vlWQkh4w+JfjMY7x3+F31EOAcVBvmT4ND6wyuQvU326lSuYB4Ek
7MoN9jp+EJgtti1kNorkg0KSVKYlO2eYvv5Y0U5acXK42BRnvTS0KzoSQzMt/iIB
g8a5qmDD2Ej10frpXm90QHaXBxVFziO9NS/FoS1SLIn/XWpjX1Qv7hqrRD4XjXkw
LeBEaSqFMdNtRzb1izIloTYoFTexk0T7Q5qQcWwWvJElyMaKwSAHirQKjAyPjR22
7ztQXou9s7dcVpIGNnr+JAmmukCPpe1EnPvXPnkxygUBtcHiUdjlFUsAvu4oi9F6
ByhDfVT8y7R4pvoHK+uJryHTOQt5pMq5SPzhBHSsFY323GDaFlpu97OA9stNlVxC
0jxKwp3D459gyl1taYXM3akx/dR44/ZeG2fVOXUuhhVbWkBsmqPHy+dS19LKLWvv
eWqtXvhHwv/FEQ==
=PLoE
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 30 Nov 2018 07:27:46 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 19:13:11 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon