OVAL Reference oval:org.opensuse.security:def:55669

Oval Definition:

oval:org.opensuse.security:def:55669

Revision Date:	2020-12-01	Version:	1
Title:	Security update for libmspack (Moderate)
Description:	libmspack was updated to fix security issues. These security issues were fixed: * CVE-2014-9732: The cabd_extract function in cabd.c in libmspack did not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive (bnc#934524). * CVE-2015-4467: The chmd_init_decomp function in chmd.c in libmspack did not properly validate the reset interval, which allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file (bnc#934525). * CVE-2015-4468: Multiple integer overflows in the search_chunk function in chmd.c in libmspack allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file (bnc#934526). * CVE-2015-4469: The chmd_read_headers function in chmd.c in libmspack did not validate name lengths, which allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file (bnc#934526). * CVE-2015-4470: Off-by-one error in the inflate function in mszipd.c in libmspack allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive (bnc#934527). * CVE-2015-4471: Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack allowed remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive (bnc#934528). * CVE-2015-4472: Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file (bnc#934529).
Family:	unix	Class:	patch
Status:		Reference(s):	1020868 1020890 1020976 1022428 1034911 1038564 1042892 1052311 1052368 1083125 1085447 1090368 1090646 1091236 1097973 1097974 1118894 1128471 1128472 1128474 1128476 1128480 1128481 1128490 1128492 1128493 1144504 1149458 1151839 813026 883947 934524 934525 934526 934527 934528 934529 958861 962189 992966 996821 CVE-2010-4530 CVE-2013-0788 CVE-2013-0789 CVE-2013-0790 CVE-2013-0791 CVE-2013-0792 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0797 CVE-2013-0798 CVE-2013-0799 CVE-2013-0800 CVE-2014-4607 CVE-2014-9732 CVE-2015-3226 CVE-2015-3227 CVE-2015-3294 CVE-2015-4467 CVE-2015-4468 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 CVE-2015-8000 CVE-2015-8704 CVE-2016-6318 CVE-2017-1000112 CVE-2017-13166 CVE-2017-3302 CVE-2017-3313 CVE-2017-8890 CVE-2017-9242 CVE-2018-5805 CVE-2018-5806 CVE-2018-5808 CVE-2018-8781 CVE-2018-8897 CVE-2019-12625 CVE-2019-12900 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 SUSE-SU-2015:2359-1 SUSE-SU-2016:0011-1 SUSE-SU-2016:0200-1 SUSE-SU-2016:2107-1 SUSE-SU-2017:1315-1 SUSE-SU-2017:2446-1 SUSE-SU-2018:1509-1 SUSE-SU-2018:1528-1 SUSE-SU-2019:0002-1 SUSE-SU-2019:0655-1 SUSE-SU-2019:3066-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND iputils-s20161105-lp150.5 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information libheimdal-7.7.0-lp151.3.3 is installed OR libheimdal-devel-7.7.0-lp151.3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information MozillaFirefox-17.0.5esr-0.4 is installed OR MozillaFirefox-branding-SLED-7-0.6.9 is installed OR MozillaFirefox-translations-17.0.5esr-0.4 is installed OR libfreebl3-3.14.3-0.4.3 is installed OR libfreebl3-32bit-3.14.3-0.4.3 is installed OR mozilla-nspr-4.9.6-0.3 is installed OR mozilla-nspr-32bit-4.9.6-0.3 is installed OR mozilla-nss-3.14.3-0.4.3 is installed OR mozilla-nss-32bit-3.14.3-0.4.3 is installed OR mozilla-nss-tools-3.14.3-0.4.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information bind-9.9.6P1-0.22 is installed OR bind-libs-9.9.6P1-0.22 is installed OR bind-libs-32bit-9.9.6P1-0.22 is installed OR bind-utils-9.9.6P1-0.22 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information libmspack-0.4-14 is installed OR libmspack0-0.4-14 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information bind-9.9.6P1-32 is installed OR bind-libs-9.9.6P1-32 is installed OR bind-libs-32bit-9.9.6P1-32 is installed OR bind-utils-9.9.6P1-32 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information libraw-0.15.4-27 is installed OR libraw9-0.15.4-27 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND dnsmasq-2.71-8 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_54-default-2-2 is installed OR kgraft-patch-3_12_74-60_64_54-xen-2-2 is installed OR kgraft-patch-SLE12-SP1_Update_19-2-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND ant-1.9.4-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information java-1_7_1-ibm-1.7.1_sr4.30-38.26 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26 is installed OR java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_121-92_98-default-2-2 is installed OR kgraft-patch-SLE12-SP2_Update_26-2-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND ucode-intel-20180703-13.25 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND libzip2-0.11.1-12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libpolkit0-0.113-5.18 is installed OR polkit-0.113-5.18 is installed OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed OR libwebkit2gtk3-lang-2.24.4-2.47 is installed OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed OR webkit2gtk3-2.24.4-2.47 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information apache2-2.4.23-29.54 is installed OR apache2-doc-2.4.23-29.54 is installed OR apache2-example-pages-2.4.23-29.54 is installed OR apache2-prefork-2.4.23-29.54 is installed OR apache2-utils-2.4.23-29.54 is installed OR apache2-worker-2.4.23-29.54 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information openssh-7.2p2-74.42 is installed OR openssh-askpass-gnome-7.2p2-74.42 is installed OR openssh-fips-7.2p2-74.42 is installed OR openssh-helpers-7.2p2-74.42 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND git-core-2.12.3-27.14 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND ruby2.1-rubygem-activesupport-4_2-4.2.2-2 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information ruby2.1-rubygem-actionmailer-4_2-4.2.9-3.3 is installed OR ruby2.1-rubygem-actionpack-4_2-4.2.9-7.3 is installed OR ruby2.1-rubygem-actionview-4_2-4.2.9-9.3 is installed OR ruby2.1-rubygem-activejob-4_2-4.2.9-3.3 is installed OR ruby2.1-rubygem-activemodel-4_2-4.2.9-6.3 is installed OR ruby2.1-rubygem-activerecord-4_2-4.2.9-6.3 is installed OR ruby2.1-rubygem-activesupport-4_2-4.2.9-7.3 is installed OR ruby2.1-rubygem-rails-4_2-4.2.9-3.3 is installed OR ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.3 is installed OR ruby2.1-rubygem-railties-4_2-4.2.9-3.3 is installed OR rubygem-actionmailer-4_2-4.2.9-3.3 is installed OR rubygem-actionpack-4_2-4.2.9-7.3 is installed OR rubygem-actionview-4_2-4.2.9-9.3 is installed OR rubygem-activejob-4_2-4.2.9-3.3 is installed OR rubygem-activemodel-4_2-4.2.9-6.3 is installed OR rubygem-activerecord-4_2-4.2.9-6.3 is installed OR rubygem-activesupport-4_2-4.2.9-7.3 is installed OR rubygem-rails-4_2-4.2.9-3.3 is installed OR rubygem-rails-html-sanitizer-1.0.3-8.3 is installed OR rubygem-railties-4_2-4.2.9-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information kernel-default-4.4.180-94.100 is installed OR kernel-default-base-4.4.180-94.100 is installed OR kernel-default-devel-4.4.180-94.100 is installed OR kernel-devel-4.4.180-94.100 is installed OR kernel-macros-4.4.180-94.100 is installed OR kernel-source-4.4.180-94.100 is installed OR kernel-syms-4.4.180-94.100 is installed OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed
Definition Synopsis
SUSE OpenStack Cloud 9 is installed AND Package Information mariadb-10.2.31-3.25 is installed OR mariadb-galera-10.2.31-3.25 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND binutils-2.32-9.33 is installed

BACK