Security update for libmspack
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2015:0366-1
Final
1
1
2015-01-30T13:57:38Z
current
2015-01-30T13:57:38Z
2015-01-30T13:57:38Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for libmspack
libmspack was updated to fix one security issue.
This security issue was fixed:
- Possible DoS by infinite loop (bnc#912214, CVE-2014-9556)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-2015-95,SUSE-SLE-SDK-12-2015-95,SUSE-SLE-SERVER-12-2015-95
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2015/suse-su-20150366-1/
Link for SUSE-SU-2015:0366-1
https://lists.suse.com/pipermail/sle-security-updates/2015-February/001249.html
E-Mail link for SUSE-SU-2015:0366-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/912214
SUSE Bug 912214
https://www.suse.com/security/cve/CVE-2014-9556/
SUSE CVE CVE-2014-9556 page
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
libmspack0-0.4-6.1
libmspack-devel-0.4-6.1
libmspack0-0.4-6.1 as a component of SUSE Linux Enterprise Desktop 12
libmspack0-0.4-6.1 as a component of SUSE Linux Enterprise Server 12
libmspack0-0.4-6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
libmspack-devel-0.4-6.1 as a component of SUSE Linux Enterprise Software Development Kit 12
Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
CVE-2014-9556
SUSE Linux Enterprise Desktop 12:libmspack0-0.4-6.1
SUSE Linux Enterprise Server 12:libmspack0-0.4-6.1
SUSE Linux Enterprise Server for SAP Applications 12:libmspack0-0.4-6.1
SUSE Linux Enterprise Software Development Kit 12:libmspack-devel-0.4-6.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150366-1/
https://www.suse.com/security/cve/CVE-2014-9556.html
CVE-2014-9556
https://bugzilla.suse.com/912214
SUSE Bug 912214
https://bugzilla.suse.com/919283
SUSE Bug 919283
https://bugzilla.suse.com/934533
SUSE Bug 934533