libmspack-devel-0.5-2.8 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10365-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libmspack-devel-0.5-2.8 on GA media These are all security issues fixed in the libmspack-devel-0.5-2.8 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10365 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-2800/ SUSE CVE CVE-2010-2800 page https://www.suse.com/security/cve/CVE-2010-2801/ SUSE CVE CVE-2010-2801 page https://www.suse.com/security/cve/CVE-2014-9556/ SUSE CVE CVE-2014-9556 page openSUSE Tumbleweed libmspack-devel-0.5-2.8 libmspack0-0.5-2.8 libmspack0-32bit-0.5-2.8 libmspack-devel-0.5-2.8 as a component of openSUSE Tumbleweed libmspack0-0.5-2.8 as a component of openSUSE Tumbleweed libmspack0-32bit-0.5-2.8 as a component of openSUSE Tumbleweed The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library. CVE-2010-2800 openSUSE Tumbleweed:libmspack-devel-0.5-2.8 openSUSE Tumbleweed:libmspack0-0.5-2.8 openSUSE Tumbleweed:libmspack0-32bit-0.5-2.8 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2800.html CVE-2010-2800 https://bugzilla.suse.com/627753 SUSE Bug 627753 Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library. CVE-2010-2801 openSUSE Tumbleweed:libmspack-devel-0.5-2.8 openSUSE Tumbleweed:libmspack0-0.5-2.8 openSUSE Tumbleweed:libmspack0-32bit-0.5-2.8 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2801.html CVE-2010-2801 https://bugzilla.suse.com/627753 SUSE Bug 627753 Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. CVE-2014-9556 openSUSE Tumbleweed:libmspack-devel-0.5-2.8 openSUSE Tumbleweed:libmspack0-0.5-2.8 openSUSE Tumbleweed:libmspack0-32bit-0.5-2.8 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9556.html CVE-2014-9556 https://bugzilla.suse.com/912214 SUSE Bug 912214 https://bugzilla.suse.com/919283 SUSE Bug 919283 https://bugzilla.suse.com/934533 SUSE Bug 934533