Synopsis:          Low: libmspack security update
Advisory ID:       SLSA-2018:3327-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2018-14679
                   CVE-2018-14681
                   CVE-2018-14680
                   CVE-2018-14682
--

Security Fix(es):

* libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity
checks (CVE-2018-14679)

* libmspack: off-by-one error in the CHM chunk number validity checks
(CVE-2018-14680)

* libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c
(CVE-2018-14681)

* libmspack: off-by-one error in the TOLOWER() macro for CHM decompression
(CVE-2018-14682)
--

SL7
  x86_64
    libmspack-0.5-0.6.alpha.el7.i686.rpm
    libmspack-0.5-0.6.alpha.el7.x86_64.rpm
    libmspack-debuginfo-0.5-0.6.alpha.el7.i686.rpm
    libmspack-debuginfo-0.5-0.6.alpha.el7.x86_64.rpm
    libmspack-devel-0.5-0.6.alpha.el7.i686.rpm
    libmspack-devel-0.5-0.6.alpha.el7.x86_64.rpm

- Scientific Linux Development Team